xmrig | f644b19eab4bb41c29649e62f353f8d70999e795c897cb24acd78f7008a8bd7a

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
Size

2.3MB
MD5

af6aa1e11fce928a2b7a00eab5666260
SHA1

8a45e546f1aab256d4a1b422259e8294a6b981bb
SHA256

f644b19eab4bb41c29649e62f353f8d70999e795c897cb24acd78f7008a8bd7a
SHA512

23a94d9104b793fd86bef20f4ed0bdde81fc9380e64d6b7c93ba5f83c97ad662beb6bf2a450dae5c83b259b3e9acdfdc8db24be00cc68a333a18034d4eca68e0
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQHxWiVuZNV+pKfkaTb:BemTLkNdfE0pZrQu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1312-0-0x00007FF623DA0000-0x00007FF6240F4000-memory.dmp	xmrig
behavioral2/files/0x000800000002328e-5.dat	xmrig
behavioral2/memory/4864-7-0x00007FF621F20000-0x00007FF622274000-memory.dmp	xmrig
behavioral2/files/0x0008000000023428-10.dat	xmrig
behavioral2/files/0x0007000000023429-12.dat	xmrig
behavioral2/memory/1660-20-0x00007FF60A460000-0x00007FF60A7B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-24.dat	xmrig
behavioral2/memory/3484-23-0x00007FF6B5070000-0x00007FF6B53C4000-memory.dmp	xmrig
behavioral2/memory/1676-16-0x00007FF665AF0000-0x00007FF665E44000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-28.dat	xmrig
behavioral2/files/0x0009000000023421-35.dat	xmrig
behavioral2/files/0x000700000002342c-41.dat	xmrig
behavioral2/files/0x000700000002342d-45.dat	xmrig
behavioral2/memory/5088-37-0x00007FF692820000-0x00007FF692B74000-memory.dmp	xmrig
behavioral2/memory/4168-48-0x00007FF6B7C90000-0x00007FF6B7FE4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342e-51.dat	xmrig
behavioral2/memory/3928-53-0x00007FF765270000-0x00007FF7655C4000-memory.dmp	xmrig
behavioral2/files/0x000700000002342f-62.dat	xmrig
behavioral2/files/0x0007000000023430-64.dat	xmrig
behavioral2/files/0x0007000000023432-74.dat	xmrig
behavioral2/files/0x0007000000023431-72.dat	xmrig
behavioral2/memory/3740-59-0x00007FF7C0400000-0x00007FF7C0754000-memory.dmp	xmrig
behavioral2/memory/4088-76-0x00007FF6C1730000-0x00007FF6C1A84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023433-80.dat	xmrig
behavioral2/memory/392-85-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-92.dat	xmrig
behavioral2/memory/2076-97-0x00007FF63C030000-0x00007FF63C384000-memory.dmp	xmrig
behavioral2/memory/4944-99-0x00007FF633B50000-0x00007FF633EA4000-memory.dmp	xmrig
behavioral2/memory/1484-100-0x00007FF735C90000-0x00007FF735FE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023438-96.dat	xmrig
behavioral2/memory/3956-90-0x00007FF680990000-0x00007FF680CE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023437-89.dat	xmrig
behavioral2/files/0x0007000000023439-105.dat	xmrig
behavioral2/files/0x000700000002343b-119.dat	xmrig
behavioral2/files/0x000700000002343d-125.dat	xmrig
behavioral2/files/0x000700000002343e-133.dat	xmrig
behavioral2/files/0x0007000000023440-143.dat	xmrig
behavioral2/files/0x0007000000023444-164.dat	xmrig
behavioral2/files/0x0007000000023446-174.dat	xmrig
behavioral2/files/0x0007000000023447-178.dat	xmrig
behavioral2/files/0x0007000000023445-168.dat	xmrig
behavioral2/files/0x0007000000023443-159.dat	xmrig
behavioral2/files/0x0007000000023442-154.dat	xmrig
behavioral2/files/0x0007000000023441-149.dat	xmrig
behavioral2/files/0x000700000002343f-139.dat	xmrig
behavioral2/memory/4496-579-0x00007FF63EA50000-0x00007FF63EDA4000-memory.dmp	xmrig
behavioral2/memory/3844-620-0x00007FF682760000-0x00007FF682AB4000-memory.dmp	xmrig
behavioral2/memory/1816-615-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp	xmrig
behavioral2/memory/1680-612-0x00007FF670840000-0x00007FF670B94000-memory.dmp	xmrig
behavioral2/memory/388-607-0x00007FF723820000-0x00007FF723B74000-memory.dmp	xmrig
behavioral2/memory/3016-600-0x00007FF6F3300000-0x00007FF6F3654000-memory.dmp	xmrig
behavioral2/memory/2640-596-0x00007FF7C4910000-0x00007FF7C4C64000-memory.dmp	xmrig
behavioral2/memory/1104-592-0x00007FF6B99E0000-0x00007FF6B9D34000-memory.dmp	xmrig
behavioral2/memory/2716-588-0x00007FF670DE0000-0x00007FF671134000-memory.dmp	xmrig
behavioral2/memory/2212-583-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-123.dat	xmrig
behavioral2/files/0x000700000002343a-113.dat	xmrig
behavioral2/memory/1980-83-0x00007FF6796B0000-0x00007FF679A04000-memory.dmp	xmrig
behavioral2/memory/3840-629-0x00007FF6A3420000-0x00007FF6A3774000-memory.dmp	xmrig
behavioral2/memory/2760-632-0x00007FF7C02B0000-0x00007FF7C0604000-memory.dmp	xmrig
behavioral2/memory/5100-636-0x00007FF653720000-0x00007FF653A74000-memory.dmp	xmrig
behavioral2/memory/3680-625-0x00007FF71F7E0000-0x00007FF71FB34000-memory.dmp	xmrig
behavioral2/memory/1312-1026-0x00007FF623DA0000-0x00007FF6240F4000-memory.dmp	xmrig
behavioral2/memory/4864-1822-0x00007FF621F20000-0x00007FF622274000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4864	NbYgQQr.exe
1676	awbWXWF.exe
1660	HxRbDiu.exe
3484	clHLqeD.exe
5088	sneqlHt.exe
4168	gfOCuXt.exe
3740	vYzThkR.exe
3928	OPMLVrs.exe
4088	LZXBvob.exe
2076	QLIQGfD.exe
1980	YLxQRVi.exe
4944	QvEqTOs.exe
392	XzZPkEh.exe
1484	TEahPus.exe
4496	oDyGmtS.exe
3956	QmTqTXr.exe
2760	AlzdYsd.exe
5100	yQacfRM.exe
2212	TtYDcOz.exe
2716	WQWTFXr.exe
1104	WaiYqCZ.exe
2640	lJJUkZX.exe
3016	riPVIMo.exe
388	BZrCvBo.exe
1680	jhbxImU.exe
1816	ZVCskEZ.exe
3844	ONCOLci.exe
3680	WOMmBbK.exe
3840	VIvxEQd.exe
4628	rGseSTH.exe
3564	rjAshBF.exe
468	uYUzzMf.exe
3032	ihzGiPi.exe
2204	czVyhZA.exe
1224	fQdLyBz.exe
4724	TRgJtJy.exe
1516	tSTAcyb.exe
4736	fIUcTMP.exe
1132	AWPfGpX.exe
1336	ocqaZYj.exe
4832	KkWLouU.exe
2968	JZgDaNk.exe
1800	hecsMYV.exe
1480	wYqZRgV.exe
4416	sJShqKL.exe
4396	rMRIjcg.exe
632	cEhHQKX.exe
2224	ZvxyEEG.exe
956	EPfNSnk.exe
1440	YKYMmcn.exe
2416	sCJlpWw.exe
4024	EsJDWfL.exe
3664	LeWvuix.exe
4540	WJZPpuR.exe
400	XOBVxmb.exe
3396	TtdRJbq.exe
100	DkShDEo.exe
4044	AjZzLHg.exe
2908	GPAXOPX.exe
4228	zWajhpK.exe
4792	WKJTzyX.exe
4476	WwMsSwX.exe
2764	icMOnLu.exe
2972	WaZhZbk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1312-0-0x00007FF623DA0000-0x00007FF6240F4000-memory.dmp	upx
behavioral2/files/0x000800000002328e-5.dat	upx
behavioral2/memory/4864-7-0x00007FF621F20000-0x00007FF622274000-memory.dmp	upx
behavioral2/files/0x0008000000023428-10.dat	upx
behavioral2/files/0x0007000000023429-12.dat	upx
behavioral2/memory/1660-20-0x00007FF60A460000-0x00007FF60A7B4000-memory.dmp	upx
behavioral2/files/0x000700000002342a-24.dat	upx
behavioral2/memory/3484-23-0x00007FF6B5070000-0x00007FF6B53C4000-memory.dmp	upx
behavioral2/memory/1676-16-0x00007FF665AF0000-0x00007FF665E44000-memory.dmp	upx
behavioral2/files/0x000700000002342b-28.dat	upx
behavioral2/files/0x0009000000023421-35.dat	upx
behavioral2/files/0x000700000002342c-41.dat	upx
behavioral2/files/0x000700000002342d-45.dat	upx
behavioral2/memory/5088-37-0x00007FF692820000-0x00007FF692B74000-memory.dmp	upx
behavioral2/memory/4168-48-0x00007FF6B7C90000-0x00007FF6B7FE4000-memory.dmp	upx
behavioral2/files/0x000700000002342e-51.dat	upx
behavioral2/memory/3928-53-0x00007FF765270000-0x00007FF7655C4000-memory.dmp	upx
behavioral2/files/0x000700000002342f-62.dat	upx
behavioral2/files/0x0007000000023430-64.dat	upx
behavioral2/files/0x0007000000023432-74.dat	upx
behavioral2/files/0x0007000000023431-72.dat	upx
behavioral2/memory/3740-59-0x00007FF7C0400000-0x00007FF7C0754000-memory.dmp	upx
behavioral2/memory/4088-76-0x00007FF6C1730000-0x00007FF6C1A84000-memory.dmp	upx
behavioral2/files/0x0007000000023433-80.dat	upx
behavioral2/memory/392-85-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp	upx
behavioral2/files/0x0007000000023436-92.dat	upx
behavioral2/memory/2076-97-0x00007FF63C030000-0x00007FF63C384000-memory.dmp	upx
behavioral2/memory/4944-99-0x00007FF633B50000-0x00007FF633EA4000-memory.dmp	upx
behavioral2/memory/1484-100-0x00007FF735C90000-0x00007FF735FE4000-memory.dmp	upx
behavioral2/files/0x0007000000023438-96.dat	upx
behavioral2/memory/3956-90-0x00007FF680990000-0x00007FF680CE4000-memory.dmp	upx
behavioral2/files/0x0007000000023437-89.dat	upx
behavioral2/files/0x0007000000023439-105.dat	upx
behavioral2/files/0x000700000002343b-119.dat	upx
behavioral2/files/0x000700000002343d-125.dat	upx
behavioral2/files/0x000700000002343e-133.dat	upx
behavioral2/files/0x0007000000023440-143.dat	upx
behavioral2/files/0x0007000000023444-164.dat	upx
behavioral2/files/0x0007000000023446-174.dat	upx
behavioral2/files/0x0007000000023447-178.dat	upx
behavioral2/files/0x0007000000023445-168.dat	upx
behavioral2/files/0x0007000000023443-159.dat	upx
behavioral2/files/0x0007000000023442-154.dat	upx
behavioral2/files/0x0007000000023441-149.dat	upx
behavioral2/files/0x000700000002343f-139.dat	upx
behavioral2/memory/4496-579-0x00007FF63EA50000-0x00007FF63EDA4000-memory.dmp	upx
behavioral2/memory/3844-620-0x00007FF682760000-0x00007FF682AB4000-memory.dmp	upx
behavioral2/memory/1816-615-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp	upx
behavioral2/memory/1680-612-0x00007FF670840000-0x00007FF670B94000-memory.dmp	upx
behavioral2/memory/388-607-0x00007FF723820000-0x00007FF723B74000-memory.dmp	upx
behavioral2/memory/3016-600-0x00007FF6F3300000-0x00007FF6F3654000-memory.dmp	upx
behavioral2/memory/2640-596-0x00007FF7C4910000-0x00007FF7C4C64000-memory.dmp	upx
behavioral2/memory/1104-592-0x00007FF6B99E0000-0x00007FF6B9D34000-memory.dmp	upx
behavioral2/memory/2716-588-0x00007FF670DE0000-0x00007FF671134000-memory.dmp	upx
behavioral2/memory/2212-583-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp	upx
behavioral2/files/0x000700000002343c-123.dat	upx
behavioral2/files/0x000700000002343a-113.dat	upx
behavioral2/memory/1980-83-0x00007FF6796B0000-0x00007FF679A04000-memory.dmp	upx
behavioral2/memory/3840-629-0x00007FF6A3420000-0x00007FF6A3774000-memory.dmp	upx
behavioral2/memory/2760-632-0x00007FF7C02B0000-0x00007FF7C0604000-memory.dmp	upx
behavioral2/memory/5100-636-0x00007FF653720000-0x00007FF653A74000-memory.dmp	upx
behavioral2/memory/3680-625-0x00007FF71F7E0000-0x00007FF71FB34000-memory.dmp	upx
behavioral2/memory/1312-1026-0x00007FF623DA0000-0x00007FF6240F4000-memory.dmp	upx
behavioral2/memory/4864-1822-0x00007FF621F20000-0x00007FF622274000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\utuzoHj.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\QGFEhNW.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\TKJUNEK.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\TEahPus.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\zWajhpK.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\WfUQaSV.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\plmuBHQ.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\jbopAmy.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\IdFPtMm.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\rTLiDBw.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\CYHYBRF.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\JfeBMXj.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\mcnQxBc.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\iqSsBph.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\wFdMBiC.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\YVvRPPY.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\JhgTFnW.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\XzZPkEh.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\ktWUyNB.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\YiPZVDU.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\pzIqyly.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\JsFFFPL.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\YvxJAyh.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\TYbkCbW.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\NUFCeTE.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\HxRbDiu.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\vYzThkR.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\BZrCvBo.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\AFSBkEz.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\ieqTxUB.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\YROlZKQ.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\HyxFYzS.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\nSDnTon.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\TfMCcAp.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\TeqrzVO.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\AewwVeS.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\ghOSYSO.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\NCEDCyu.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\vxllgFx.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\asZCGxN.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\TtdRJbq.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\YuJfTVx.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\niiVOlD.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\KEdHUyi.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\XvpIqpS.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\sJLEeet.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\OpjiHEf.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\RLbMuWZ.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\EzzlUJa.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\oFBgQzG.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\aDYqBxZ.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\lXkYzim.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\EbFnPZz.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\fDyfpLG.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\aPTyizi.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\WzltBYw.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\WOMmBbK.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\DkbUlqv.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\vmVYcGp.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\eJstnMC.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\wqqDtOd.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\wUjtIWS.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\JRGtAKK.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
File created	C:\Windows\System\LkNCGcK.exe	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4576	dwm.exe
Token: SeChangeNotifyPrivilege	4576	dwm.exe
Token: 33	4576	dwm.exe
Token: SeIncBasePriorityPrivilege	4576	dwm.exe
Token: SeShutdownPrivilege	4576	dwm.exe
Token: SeCreatePagefilePrivilege	4576	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 4864	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	83
PID 1312 wrote to memory of 4864	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	83
PID 1312 wrote to memory of 1676	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	84
PID 1312 wrote to memory of 1676	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	84
PID 1312 wrote to memory of 1660	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	86
PID 1312 wrote to memory of 1660	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	86
PID 1312 wrote to memory of 3484	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	87
PID 1312 wrote to memory of 3484	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	87
PID 1312 wrote to memory of 5088	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	88
PID 1312 wrote to memory of 5088	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	88
PID 1312 wrote to memory of 4168	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	90
PID 1312 wrote to memory of 4168	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	90
PID 1312 wrote to memory of 3740	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	91
PID 1312 wrote to memory of 3740	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	91
PID 1312 wrote to memory of 3928	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	92
PID 1312 wrote to memory of 3928	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	92
PID 1312 wrote to memory of 4088	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	93
PID 1312 wrote to memory of 4088	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	93
PID 1312 wrote to memory of 2076	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	95
PID 1312 wrote to memory of 2076	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	95
PID 1312 wrote to memory of 1980	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	96
PID 1312 wrote to memory of 1980	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	96
PID 1312 wrote to memory of 4944	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	97
PID 1312 wrote to memory of 4944	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	97
PID 1312 wrote to memory of 392	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	98
PID 1312 wrote to memory of 392	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	98
PID 1312 wrote to memory of 1484	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	99
PID 1312 wrote to memory of 1484	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	99
PID 1312 wrote to memory of 4496	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	100
PID 1312 wrote to memory of 4496	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	100
PID 1312 wrote to memory of 3956	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	101
PID 1312 wrote to memory of 3956	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	101
PID 1312 wrote to memory of 2760	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	102
PID 1312 wrote to memory of 2760	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	102
PID 1312 wrote to memory of 5100	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	103
PID 1312 wrote to memory of 5100	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	103
PID 1312 wrote to memory of 2212	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	104
PID 1312 wrote to memory of 2212	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	104
PID 1312 wrote to memory of 2716	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	105
PID 1312 wrote to memory of 2716	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	105
PID 1312 wrote to memory of 1104	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	106
PID 1312 wrote to memory of 1104	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	106
PID 1312 wrote to memory of 2640	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	107
PID 1312 wrote to memory of 2640	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	107
PID 1312 wrote to memory of 3016	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	108
PID 1312 wrote to memory of 3016	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	108
PID 1312 wrote to memory of 388	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	109
PID 1312 wrote to memory of 388	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	109
PID 1312 wrote to memory of 1680	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	110
PID 1312 wrote to memory of 1680	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	110
PID 1312 wrote to memory of 1816	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	111
PID 1312 wrote to memory of 1816	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	111
PID 1312 wrote to memory of 3844	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	112
PID 1312 wrote to memory of 3844	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	112
PID 1312 wrote to memory of 3680	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	113
PID 1312 wrote to memory of 3680	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	113
PID 1312 wrote to memory of 3840	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	114
PID 1312 wrote to memory of 3840	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	114
PID 1312 wrote to memory of 4628	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	115
PID 1312 wrote to memory of 4628	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	115
PID 1312 wrote to memory of 3564	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	116
PID 1312 wrote to memory of 3564	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	116
PID 1312 wrote to memory of 468	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	117
PID 1312 wrote to memory of 468	1312	af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\af6aa1e11fce928a2b7a00eab5666260_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\System\NbYgQQr.exe
  C:\Windows\System\NbYgQQr.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\awbWXWF.exe
  C:\Windows\System\awbWXWF.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\HxRbDiu.exe
  C:\Windows\System\HxRbDiu.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\clHLqeD.exe
  C:\Windows\System\clHLqeD.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\sneqlHt.exe
  C:\Windows\System\sneqlHt.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\gfOCuXt.exe
  C:\Windows\System\gfOCuXt.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\vYzThkR.exe
  C:\Windows\System\vYzThkR.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\OPMLVrs.exe
  C:\Windows\System\OPMLVrs.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\LZXBvob.exe
  C:\Windows\System\LZXBvob.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\QLIQGfD.exe
  C:\Windows\System\QLIQGfD.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\YLxQRVi.exe
  C:\Windows\System\YLxQRVi.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\QvEqTOs.exe
  C:\Windows\System\QvEqTOs.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\XzZPkEh.exe
  C:\Windows\System\XzZPkEh.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\TEahPus.exe
  C:\Windows\System\TEahPus.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\oDyGmtS.exe
  C:\Windows\System\oDyGmtS.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\QmTqTXr.exe
  C:\Windows\System\QmTqTXr.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\AlzdYsd.exe
  C:\Windows\System\AlzdYsd.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\yQacfRM.exe
  C:\Windows\System\yQacfRM.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\TtYDcOz.exe
  C:\Windows\System\TtYDcOz.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\WQWTFXr.exe
  C:\Windows\System\WQWTFXr.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\WaiYqCZ.exe
  C:\Windows\System\WaiYqCZ.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\lJJUkZX.exe
  C:\Windows\System\lJJUkZX.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\riPVIMo.exe
  C:\Windows\System\riPVIMo.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\BZrCvBo.exe
  C:\Windows\System\BZrCvBo.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\jhbxImU.exe
  C:\Windows\System\jhbxImU.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ZVCskEZ.exe
  C:\Windows\System\ZVCskEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\ONCOLci.exe
  C:\Windows\System\ONCOLci.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\WOMmBbK.exe
  C:\Windows\System\WOMmBbK.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\VIvxEQd.exe
  C:\Windows\System\VIvxEQd.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\rGseSTH.exe
  C:\Windows\System\rGseSTH.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\rjAshBF.exe
  C:\Windows\System\rjAshBF.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\uYUzzMf.exe
  C:\Windows\System\uYUzzMf.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\ihzGiPi.exe
  C:\Windows\System\ihzGiPi.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\czVyhZA.exe
  C:\Windows\System\czVyhZA.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\fQdLyBz.exe
  C:\Windows\System\fQdLyBz.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\TRgJtJy.exe
  C:\Windows\System\TRgJtJy.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\tSTAcyb.exe
  C:\Windows\System\tSTAcyb.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\fIUcTMP.exe
  C:\Windows\System\fIUcTMP.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\AWPfGpX.exe
  C:\Windows\System\AWPfGpX.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\ocqaZYj.exe
  C:\Windows\System\ocqaZYj.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\KkWLouU.exe
  C:\Windows\System\KkWLouU.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\JZgDaNk.exe
  C:\Windows\System\JZgDaNk.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\hecsMYV.exe
  C:\Windows\System\hecsMYV.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\wYqZRgV.exe
  C:\Windows\System\wYqZRgV.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\sJShqKL.exe
  C:\Windows\System\sJShqKL.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\rMRIjcg.exe
  C:\Windows\System\rMRIjcg.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\cEhHQKX.exe
  C:\Windows\System\cEhHQKX.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\ZvxyEEG.exe
  C:\Windows\System\ZvxyEEG.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\EPfNSnk.exe
  C:\Windows\System\EPfNSnk.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\YKYMmcn.exe
  C:\Windows\System\YKYMmcn.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\sCJlpWw.exe
  C:\Windows\System\sCJlpWw.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\EsJDWfL.exe
  C:\Windows\System\EsJDWfL.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\LeWvuix.exe
  C:\Windows\System\LeWvuix.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\WJZPpuR.exe
  C:\Windows\System\WJZPpuR.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\XOBVxmb.exe
  C:\Windows\System\XOBVxmb.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\TtdRJbq.exe
  C:\Windows\System\TtdRJbq.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\DkShDEo.exe
  C:\Windows\System\DkShDEo.exe
  2⤵
  - Executes dropped EXE
  PID:100
- C:\Windows\System\AjZzLHg.exe
  C:\Windows\System\AjZzLHg.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\GPAXOPX.exe
  C:\Windows\System\GPAXOPX.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\zWajhpK.exe
  C:\Windows\System\zWajhpK.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\WKJTzyX.exe
  C:\Windows\System\WKJTzyX.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\WwMsSwX.exe
  C:\Windows\System\WwMsSwX.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\icMOnLu.exe
  C:\Windows\System\icMOnLu.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\WaZhZbk.exe
  C:\Windows\System\WaZhZbk.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ijVldnz.exe
  C:\Windows\System\ijVldnz.exe
  2⤵
  PID:1400
- C:\Windows\System\DGIXeCk.exe
  C:\Windows\System\DGIXeCk.exe
  2⤵
  PID:3832
- C:\Windows\System\MkDAwmc.exe
  C:\Windows\System\MkDAwmc.exe
  2⤵
  PID:2488
- C:\Windows\System\nJcLOtG.exe
  C:\Windows\System\nJcLOtG.exe
  2⤵
  PID:4552
- C:\Windows\System\OpjiHEf.exe
  C:\Windows\System\OpjiHEf.exe
  2⤵
  PID:4020
- C:\Windows\System\QNOmVvC.exe
  C:\Windows\System\QNOmVvC.exe
  2⤵
  PID:1916
- C:\Windows\System\iXdhDZt.exe
  C:\Windows\System\iXdhDZt.exe
  2⤵
  PID:1992
- C:\Windows\System\NMrLzxk.exe
  C:\Windows\System\NMrLzxk.exe
  2⤵
  PID:3400
- C:\Windows\System\VcNBLiE.exe
  C:\Windows\System\VcNBLiE.exe
  2⤵
  PID:372
- C:\Windows\System\LNmDxXm.exe
  C:\Windows\System\LNmDxXm.exe
  2⤵
  PID:3748
- C:\Windows\System\DkbUlqv.exe
  C:\Windows\System\DkbUlqv.exe
  2⤵
  PID:4604
- C:\Windows\System\wYqquaX.exe
  C:\Windows\System\wYqquaX.exe
  2⤵
  PID:5080
- C:\Windows\System\CsRUclW.exe
  C:\Windows\System\CsRUclW.exe
  2⤵
  PID:3568
- C:\Windows\System\jJjjUIN.exe
  C:\Windows\System\jJjjUIN.exe
  2⤵
  PID:4788
- C:\Windows\System\KDFllnc.exe
  C:\Windows\System\KDFllnc.exe
  2⤵
  PID:1644
- C:\Windows\System\YuJfTVx.exe
  C:\Windows\System\YuJfTVx.exe
  2⤵
  PID:3692
- C:\Windows\System\oOAPvpY.exe
  C:\Windows\System\oOAPvpY.exe
  2⤵
  PID:4212
- C:\Windows\System\igyyvLQ.exe
  C:\Windows\System\igyyvLQ.exe
  2⤵
  PID:432
- C:\Windows\System\gFWUjKb.exe
  C:\Windows\System\gFWUjKb.exe
  2⤵
  PID:4296
- C:\Windows\System\vfkxOii.exe
  C:\Windows\System\vfkxOii.exe
  2⤵
  PID:4432
- C:\Windows\System\VQhgzBW.exe
  C:\Windows\System\VQhgzBW.exe
  2⤵
  PID:4204
- C:\Windows\System\wZWhBqm.exe
  C:\Windows\System\wZWhBqm.exe
  2⤵
  PID:4764
- C:\Windows\System\KYaBZHD.exe
  C:\Windows\System\KYaBZHD.exe
  2⤵
  PID:60
- C:\Windows\System\WfUQaSV.exe
  C:\Windows\System\WfUQaSV.exe
  2⤵
  PID:3720
- C:\Windows\System\ZbaTzLh.exe
  C:\Windows\System\ZbaTzLh.exe
  2⤵
  PID:5124
- C:\Windows\System\nBIFFbm.exe
  C:\Windows\System\nBIFFbm.exe
  2⤵
  PID:5152
- C:\Windows\System\QUjNZsh.exe
  C:\Windows\System\QUjNZsh.exe
  2⤵
  PID:5180
- C:\Windows\System\rJPkUyM.exe
  C:\Windows\System\rJPkUyM.exe
  2⤵
  PID:5208
- C:\Windows\System\mbiIEwO.exe
  C:\Windows\System\mbiIEwO.exe
  2⤵
  PID:5236
- C:\Windows\System\AuyhyAn.exe
  C:\Windows\System\AuyhyAn.exe
  2⤵
  PID:5264
- C:\Windows\System\ktWUyNB.exe
  C:\Windows\System\ktWUyNB.exe
  2⤵
  PID:5288
- C:\Windows\System\OVaRWTQ.exe
  C:\Windows\System\OVaRWTQ.exe
  2⤵
  PID:5320
- C:\Windows\System\YCVXRra.exe
  C:\Windows\System\YCVXRra.exe
  2⤵
  PID:5344
- C:\Windows\System\kOJYXcX.exe
  C:\Windows\System\kOJYXcX.exe
  2⤵
  PID:5372
- C:\Windows\System\etOByQl.exe
  C:\Windows\System\etOByQl.exe
  2⤵
  PID:5400
- C:\Windows\System\LJWIAWL.exe
  C:\Windows\System\LJWIAWL.exe
  2⤵
  PID:5428
- C:\Windows\System\XnoeTjS.exe
  C:\Windows\System\XnoeTjS.exe
  2⤵
  PID:5456
- C:\Windows\System\onmkEyX.exe
  C:\Windows\System\onmkEyX.exe
  2⤵
  PID:5488
- C:\Windows\System\RIhWItv.exe
  C:\Windows\System\RIhWItv.exe
  2⤵
  PID:5516
- C:\Windows\System\dqsejym.exe
  C:\Windows\System\dqsejym.exe
  2⤵
  PID:5540
- C:\Windows\System\YOQEMQC.exe
  C:\Windows\System\YOQEMQC.exe
  2⤵
  PID:5572
- C:\Windows\System\RLbMuWZ.exe
  C:\Windows\System\RLbMuWZ.exe
  2⤵
  PID:5588
- C:\Windows\System\QeDnVZI.exe
  C:\Windows\System\QeDnVZI.exe
  2⤵
  PID:5616
- C:\Windows\System\TfMCcAp.exe
  C:\Windows\System\TfMCcAp.exe
  2⤵
  PID:5644
- C:\Windows\System\modfeCn.exe
  C:\Windows\System\modfeCn.exe
  2⤵
  PID:5672
- C:\Windows\System\OnaPcCN.exe
  C:\Windows\System\OnaPcCN.exe
  2⤵
  PID:5700
- C:\Windows\System\jlJBdiQ.exe
  C:\Windows\System\jlJBdiQ.exe
  2⤵
  PID:5728
- C:\Windows\System\YiPZVDU.exe
  C:\Windows\System\YiPZVDU.exe
  2⤵
  PID:5756
- C:\Windows\System\FJBmjdS.exe
  C:\Windows\System\FJBmjdS.exe
  2⤵
  PID:5784
- C:\Windows\System\uAWXhCX.exe
  C:\Windows\System\uAWXhCX.exe
  2⤵
  PID:5812
- C:\Windows\System\nrGlLhQ.exe
  C:\Windows\System\nrGlLhQ.exe
  2⤵
  PID:5840
- C:\Windows\System\eYVlRwM.exe
  C:\Windows\System\eYVlRwM.exe
  2⤵
  PID:5868
- C:\Windows\System\ZvRhdtM.exe
  C:\Windows\System\ZvRhdtM.exe
  2⤵
  PID:5896
- C:\Windows\System\mWHPkRr.exe
  C:\Windows\System\mWHPkRr.exe
  2⤵
  PID:5924
- C:\Windows\System\pzIqyly.exe
  C:\Windows\System\pzIqyly.exe
  2⤵
  PID:5952
- C:\Windows\System\GlojjHi.exe
  C:\Windows\System\GlojjHi.exe
  2⤵
  PID:5980
- C:\Windows\System\BhgYexx.exe
  C:\Windows\System\BhgYexx.exe
  2⤵
  PID:6008
- C:\Windows\System\LIPmZrD.exe
  C:\Windows\System\LIPmZrD.exe
  2⤵
  PID:6036
- C:\Windows\System\AnOvlgY.exe
  C:\Windows\System\AnOvlgY.exe
  2⤵
  PID:6064
- C:\Windows\System\TMMGwYw.exe
  C:\Windows\System\TMMGwYw.exe
  2⤵
  PID:6092
- C:\Windows\System\RPCOzRX.exe
  C:\Windows\System\RPCOzRX.exe
  2⤵
  PID:6120
- C:\Windows\System\uKiluxD.exe
  C:\Windows\System\uKiluxD.exe
  2⤵
  PID:1496
- C:\Windows\System\tPzFlRi.exe
  C:\Windows\System\tPzFlRi.exe
  2⤵
  PID:2720
- C:\Windows\System\XnIQKQb.exe
  C:\Windows\System\XnIQKQb.exe
  2⤵
  PID:1988
- C:\Windows\System\VVgcaxd.exe
  C:\Windows\System\VVgcaxd.exe
  2⤵
  PID:1560
- C:\Windows\System\FczdYbS.exe
  C:\Windows\System\FczdYbS.exe
  2⤵
  PID:5168
- C:\Windows\System\VvqSbjR.exe
  C:\Windows\System\VvqSbjR.exe
  2⤵
  PID:5228
- C:\Windows\System\pmnJvIe.exe
  C:\Windows\System\pmnJvIe.exe
  2⤵
  PID:5304
- C:\Windows\System\MJNySzf.exe
  C:\Windows\System\MJNySzf.exe
  2⤵
  PID:5360
- C:\Windows\System\WxKBYiU.exe
  C:\Windows\System\WxKBYiU.exe
  2⤵
  PID:5420
- C:\Windows\System\eMnapxN.exe
  C:\Windows\System\eMnapxN.exe
  2⤵
  PID:5472
- C:\Windows\System\YzPMoOn.exe
  C:\Windows\System\YzPMoOn.exe
  2⤵
  PID:5532
- C:\Windows\System\OlLMfIn.exe
  C:\Windows\System\OlLMfIn.exe
  2⤵
  PID:5600
- C:\Windows\System\UyBOXsl.exe
  C:\Windows\System\UyBOXsl.exe
  2⤵
  PID:5660
- C:\Windows\System\WYXsIRg.exe
  C:\Windows\System\WYXsIRg.exe
  2⤵
  PID:5716
- C:\Windows\System\fmLZaGH.exe
  C:\Windows\System\fmLZaGH.exe
  2⤵
  PID:5776
- C:\Windows\System\yhDWLcp.exe
  C:\Windows\System\yhDWLcp.exe
  2⤵
  PID:5852
- C:\Windows\System\trYwemD.exe
  C:\Windows\System\trYwemD.exe
  2⤵
  PID:5912
- C:\Windows\System\mSGfwYE.exe
  C:\Windows\System\mSGfwYE.exe
  2⤵
  PID:3768
- C:\Windows\System\nZHdcQp.exe
  C:\Windows\System\nZHdcQp.exe
  2⤵
  PID:6024
- C:\Windows\System\TtLLLNT.exe
  C:\Windows\System\TtLLLNT.exe
  2⤵
  PID:6104
- C:\Windows\System\JfeBMXj.exe
  C:\Windows\System\JfeBMXj.exe
  2⤵
  PID:1232
- C:\Windows\System\JsFFFPL.exe
  C:\Windows\System\JsFFFPL.exe
  2⤵
  PID:4672
- C:\Windows\System\yYCCvUm.exe
  C:\Windows\System\yYCCvUm.exe
  2⤵
  PID:5220
- C:\Windows\System\YdIkThP.exe
  C:\Windows\System\YdIkThP.exe
  2⤵
  PID:5388
- C:\Windows\System\pSREfLG.exe
  C:\Windows\System\pSREfLG.exe
  2⤵
  PID:5504
- C:\Windows\System\fztDeyP.exe
  C:\Windows\System\fztDeyP.exe
  2⤵
  PID:5636
- C:\Windows\System\zMuSzFA.exe
  C:\Windows\System\zMuSzFA.exe
  2⤵
  PID:5804
- C:\Windows\System\yCIfOMO.exe
  C:\Windows\System\yCIfOMO.exe
  2⤵
  PID:5944
- C:\Windows\System\rWGKUQD.exe
  C:\Windows\System\rWGKUQD.exe
  2⤵
  PID:6080
- C:\Windows\System\SkOfxqz.exe
  C:\Windows\System\SkOfxqz.exe
  2⤵
  PID:2796
- C:\Windows\System\SlBYShH.exe
  C:\Windows\System\SlBYShH.exe
  2⤵
  PID:5280
- C:\Windows\System\TeqrzVO.exe
  C:\Windows\System\TeqrzVO.exe
  2⤵
  PID:2932
- C:\Windows\System\CGTIGNc.exe
  C:\Windows\System\CGTIGNc.exe
  2⤵
  PID:6168
- C:\Windows\System\YNgOfVn.exe
  C:\Windows\System\YNgOfVn.exe
  2⤵
  PID:6196
- C:\Windows\System\rcqfwNM.exe
  C:\Windows\System\rcqfwNM.exe
  2⤵
  PID:6224
- C:\Windows\System\kgiORLm.exe
  C:\Windows\System\kgiORLm.exe
  2⤵
  PID:6252
- C:\Windows\System\raaiwoJ.exe
  C:\Windows\System\raaiwoJ.exe
  2⤵
  PID:6280
- C:\Windows\System\yKPbIUV.exe
  C:\Windows\System\yKPbIUV.exe
  2⤵
  PID:6308
- C:\Windows\System\VzEJbfp.exe
  C:\Windows\System\VzEJbfp.exe
  2⤵
  PID:6336
- C:\Windows\System\tAjBwTk.exe
  C:\Windows\System\tAjBwTk.exe
  2⤵
  PID:6372
- C:\Windows\System\jMESKrr.exe
  C:\Windows\System\jMESKrr.exe
  2⤵
  PID:6404
- C:\Windows\System\FnjpmkU.exe
  C:\Windows\System\FnjpmkU.exe
  2⤵
  PID:6464
- C:\Windows\System\ekCoGJR.exe
  C:\Windows\System\ekCoGJR.exe
  2⤵
  PID:6508
- C:\Windows\System\vmVYcGp.exe
  C:\Windows\System\vmVYcGp.exe
  2⤵
  PID:6528
- C:\Windows\System\xoelkZB.exe
  C:\Windows\System\xoelkZB.exe
  2⤵
  PID:6544
- C:\Windows\System\Iinpddu.exe
  C:\Windows\System\Iinpddu.exe
  2⤵
  PID:6576
- C:\Windows\System\EwsOPzJ.exe
  C:\Windows\System\EwsOPzJ.exe
  2⤵
  PID:6604
- C:\Windows\System\bPtJzUm.exe
  C:\Windows\System\bPtJzUm.exe
  2⤵
  PID:6636
- C:\Windows\System\QVahlrs.exe
  C:\Windows\System\QVahlrs.exe
  2⤵
  PID:6676
- C:\Windows\System\JgIWGyO.exe
  C:\Windows\System\JgIWGyO.exe
  2⤵
  PID:6704
- C:\Windows\System\UxaawoS.exe
  C:\Windows\System\UxaawoS.exe
  2⤵
  PID:6720
- C:\Windows\System\plmuBHQ.exe
  C:\Windows\System\plmuBHQ.exe
  2⤵
  PID:6740
- C:\Windows\System\HKWqKFx.exe
  C:\Windows\System\HKWqKFx.exe
  2⤵
  PID:6772
- C:\Windows\System\uoAScJQ.exe
  C:\Windows\System\uoAScJQ.exe
  2⤵
  PID:6800
- C:\Windows\System\aKYBsMH.exe
  C:\Windows\System\aKYBsMH.exe
  2⤵
  PID:6828
- C:\Windows\System\wFdMBiC.exe
  C:\Windows\System\wFdMBiC.exe
  2⤵
  PID:6856
- C:\Windows\System\pwsesYu.exe
  C:\Windows\System\pwsesYu.exe
  2⤵
  PID:6884
- C:\Windows\System\VxuCkYO.exe
  C:\Windows\System\VxuCkYO.exe
  2⤵
  PID:6904
- C:\Windows\System\uhFVnQO.exe
  C:\Windows\System\uhFVnQO.exe
  2⤵
  PID:6924
- C:\Windows\System\drqiaGo.exe
  C:\Windows\System\drqiaGo.exe
  2⤵
  PID:7012
- C:\Windows\System\asqGpxN.exe
  C:\Windows\System\asqGpxN.exe
  2⤵
  PID:7084
- C:\Windows\System\iWZgCno.exe
  C:\Windows\System\iWZgCno.exe
  2⤵
  PID:7100
- C:\Windows\System\xkhoefM.exe
  C:\Windows\System\xkhoefM.exe
  2⤵
  PID:940
- C:\Windows\System\QAwehxn.exe
  C:\Windows\System\QAwehxn.exe
  2⤵
  PID:5884
- C:\Windows\System\MSaBeRZ.exe
  C:\Windows\System\MSaBeRZ.exe
  2⤵
  PID:2588
- C:\Windows\System\ZDmTVOy.exe
  C:\Windows\System\ZDmTVOy.exe
  2⤵
  PID:2012
- C:\Windows\System\PaQpwit.exe
  C:\Windows\System\PaQpwit.exe
  2⤵
  PID:6180
- C:\Windows\System\GgbXAHs.exe
  C:\Windows\System\GgbXAHs.exe
  2⤵
  PID:6244
- C:\Windows\System\WBWAnTQ.exe
  C:\Windows\System\WBWAnTQ.exe
  2⤵
  PID:6292
- C:\Windows\System\naWUMil.exe
  C:\Windows\System\naWUMil.exe
  2⤵
  PID:6324
- C:\Windows\System\ghOSYSO.exe
  C:\Windows\System\ghOSYSO.exe
  2⤵
  PID:1652
- C:\Windows\System\eWVjJvz.exe
  C:\Windows\System\eWVjJvz.exe
  2⤵
  PID:4772
- C:\Windows\System\ejwKAdw.exe
  C:\Windows\System\ejwKAdw.exe
  2⤵
  PID:4848
- C:\Windows\System\lGIqLYL.exe
  C:\Windows\System\lGIqLYL.exe
  2⤵
  PID:6444
- C:\Windows\System\DPNqObk.exe
  C:\Windows\System\DPNqObk.exe
  2⤵
  PID:6524
- C:\Windows\System\kEzGPmK.exe
  C:\Windows\System\kEzGPmK.exe
  2⤵
  PID:6596
- C:\Windows\System\sPaOeYy.exe
  C:\Windows\System\sPaOeYy.exe
  2⤵
  PID:6668
- C:\Windows\System\KEXicRI.exe
  C:\Windows\System\KEXicRI.exe
  2⤵
  PID:6716
- C:\Windows\System\XqPutdE.exe
  C:\Windows\System\XqPutdE.exe
  2⤵
  PID:6784
- C:\Windows\System\pWlZHxf.exe
  C:\Windows\System\pWlZHxf.exe
  2⤵
  PID:6964
- C:\Windows\System\qDLHrnz.exe
  C:\Windows\System\qDLHrnz.exe
  2⤵
  PID:6968
- C:\Windows\System\QFTPrqc.exe
  C:\Windows\System\QFTPrqc.exe
  2⤵
  PID:7036
- C:\Windows\System\vPjbFuZ.exe
  C:\Windows\System\vPjbFuZ.exe
  2⤵
  PID:6584
- C:\Windows\System\bSKiulQ.exe
  C:\Windows\System\bSKiulQ.exe
  2⤵
  PID:6868
- C:\Windows\System\oDUtoNV.exe
  C:\Windows\System\oDUtoNV.exe
  2⤵
  PID:7132
- C:\Windows\System\OXNuVjq.exe
  C:\Windows\System\OXNuVjq.exe
  2⤵
  PID:6020
- C:\Windows\System\jWjhcnv.exe
  C:\Windows\System\jWjhcnv.exe
  2⤵
  PID:5196
- C:\Windows\System\jbopAmy.exe
  C:\Windows\System\jbopAmy.exe
  2⤵
  PID:6240
- C:\Windows\System\dlTqsIE.exe
  C:\Windows\System\dlTqsIE.exe
  2⤵
  PID:4924
- C:\Windows\System\yEbwzAE.exe
  C:\Windows\System\yEbwzAE.exe
  2⤵
  PID:6432
- C:\Windows\System\JuWNuBH.exe
  C:\Windows\System\JuWNuBH.exe
  2⤵
  PID:6540
- C:\Windows\System\CnBrZsN.exe
  C:\Windows\System\CnBrZsN.exe
  2⤵
  PID:6728
- C:\Windows\System\OCeNFHq.exe
  C:\Windows\System\OCeNFHq.exe
  2⤵
  PID:6440
- C:\Windows\System\JCSbnCx.exe
  C:\Windows\System\JCSbnCx.exe
  2⤵
  PID:6748
- C:\Windows\System\HvGzsXI.exe
  C:\Windows\System\HvGzsXI.exe
  2⤵
  PID:6480
- C:\Windows\System\stPPVoi.exe
  C:\Windows\System\stPPVoi.exe
  2⤵
  PID:4600
- C:\Windows\System\LprpOJP.exe
  C:\Windows\System\LprpOJP.exe
  2⤵
  PID:6564
- C:\Windows\System\CGoHsIi.exe
  C:\Windows\System\CGoHsIi.exe
  2⤵
  PID:7096
- C:\Windows\System\swHhDHQ.exe
  C:\Windows\System\swHhDHQ.exe
  2⤵
  PID:6656
- C:\Windows\System\utuzoHj.exe
  C:\Windows\System\utuzoHj.exe
  2⤵
  PID:7020
- C:\Windows\System\KFYxuae.exe
  C:\Windows\System\KFYxuae.exe
  2⤵
  PID:7180
- C:\Windows\System\BbOCUxN.exe
  C:\Windows\System\BbOCUxN.exe
  2⤵
  PID:7204
- C:\Windows\System\ybouzLx.exe
  C:\Windows\System\ybouzLx.exe
  2⤵
  PID:7236
- C:\Windows\System\DgPsHEt.exe
  C:\Windows\System\DgPsHEt.exe
  2⤵
  PID:7276
- C:\Windows\System\oasmnzR.exe
  C:\Windows\System\oasmnzR.exe
  2⤵
  PID:7308
- C:\Windows\System\DlPhxga.exe
  C:\Windows\System\DlPhxga.exe
  2⤵
  PID:7336
- C:\Windows\System\AJCWgxe.exe
  C:\Windows\System\AJCWgxe.exe
  2⤵
  PID:7368
- C:\Windows\System\hfVrIwe.exe
  C:\Windows\System\hfVrIwe.exe
  2⤵
  PID:7396
- C:\Windows\System\FpsERRY.exe
  C:\Windows\System\FpsERRY.exe
  2⤵
  PID:7412
- C:\Windows\System\vKctLqY.exe
  C:\Windows\System\vKctLqY.exe
  2⤵
  PID:7444
- C:\Windows\System\APkljKL.exe
  C:\Windows\System\APkljKL.exe
  2⤵
  PID:7480
- C:\Windows\System\QxfIvzI.exe
  C:\Windows\System\QxfIvzI.exe
  2⤵
  PID:7496
- C:\Windows\System\rjcavtI.exe
  C:\Windows\System\rjcavtI.exe
  2⤵
  PID:7536
- C:\Windows\System\QxjiDBN.exe
  C:\Windows\System\QxjiDBN.exe
  2⤵
  PID:7560
- C:\Windows\System\cEGWpCI.exe
  C:\Windows\System\cEGWpCI.exe
  2⤵
  PID:7580
- C:\Windows\System\ieCELFg.exe
  C:\Windows\System\ieCELFg.exe
  2⤵
  PID:7596
- C:\Windows\System\VrCCtJL.exe
  C:\Windows\System\VrCCtJL.exe
  2⤵
  PID:7636
- C:\Windows\System\mgCYHjK.exe
  C:\Windows\System\mgCYHjK.exe
  2⤵
  PID:7676
- C:\Windows\System\YFiUzgX.exe
  C:\Windows\System\YFiUzgX.exe
  2⤵
  PID:7704
- C:\Windows\System\keGLclr.exe
  C:\Windows\System\keGLclr.exe
  2⤵
  PID:7720
- C:\Windows\System\RsAjYDm.exe
  C:\Windows\System\RsAjYDm.exe
  2⤵
  PID:7760
- C:\Windows\System\bAjshiY.exe
  C:\Windows\System\bAjshiY.exe
  2⤵
  PID:7784
- C:\Windows\System\xMAAtDQ.exe
  C:\Windows\System\xMAAtDQ.exe
  2⤵
  PID:7804
- C:\Windows\System\ffOKhCn.exe
  C:\Windows\System\ffOKhCn.exe
  2⤵
  PID:7832
- C:\Windows\System\hPiefhK.exe
  C:\Windows\System\hPiefhK.exe
  2⤵
  PID:7872
- C:\Windows\System\thNSZXT.exe
  C:\Windows\System\thNSZXT.exe
  2⤵
  PID:7900
- C:\Windows\System\lBysgZW.exe
  C:\Windows\System\lBysgZW.exe
  2⤵
  PID:7928
- C:\Windows\System\nsYGRPC.exe
  C:\Windows\System\nsYGRPC.exe
  2⤵
  PID:7944
- C:\Windows\System\AfCHnNk.exe
  C:\Windows\System\AfCHnNk.exe
  2⤵
  PID:7976
- C:\Windows\System\YOEPkPL.exe
  C:\Windows\System\YOEPkPL.exe
  2⤵
  PID:8000
- C:\Windows\System\MCWaBlC.exe
  C:\Windows\System\MCWaBlC.exe
  2⤵
  PID:8032
- C:\Windows\System\BpRsCEA.exe
  C:\Windows\System\BpRsCEA.exe
  2⤵
  PID:8056
- C:\Windows\System\cSnHhcx.exe
  C:\Windows\System\cSnHhcx.exe
  2⤵
  PID:8084
- C:\Windows\System\EtXXgGd.exe
  C:\Windows\System\EtXXgGd.exe
  2⤵
  PID:8116
- C:\Windows\System\aZMpGgA.exe
  C:\Windows\System\aZMpGgA.exe
  2⤵
  PID:8140
- C:\Windows\System\QGFEhNW.exe
  C:\Windows\System\QGFEhNW.exe
  2⤵
  PID:8164
- C:\Windows\System\geKisXE.exe
  C:\Windows\System\geKisXE.exe
  2⤵
  PID:6912
- C:\Windows\System\GWkwOXe.exe
  C:\Windows\System\GWkwOXe.exe
  2⤵
  PID:7188
- C:\Windows\System\DGbcTjK.exe
  C:\Windows\System\DGbcTjK.exe
  2⤵
  PID:7268
- C:\Windows\System\tgmOArr.exe
  C:\Windows\System\tgmOArr.exe
  2⤵
  PID:7360
- C:\Windows\System\IcHjYxP.exe
  C:\Windows\System\IcHjYxP.exe
  2⤵
  PID:7424
- C:\Windows\System\dIJkrPq.exe
  C:\Windows\System\dIJkrPq.exe
  2⤵
  PID:7488
- C:\Windows\System\efKChIr.exe
  C:\Windows\System\efKChIr.exe
  2⤵
  PID:7552
- C:\Windows\System\YeBIWnB.exe
  C:\Windows\System\YeBIWnB.exe
  2⤵
  PID:7588
- C:\Windows\System\AFSBkEz.exe
  C:\Windows\System\AFSBkEz.exe
  2⤵
  PID:7660
- C:\Windows\System\MfHCyzC.exe
  C:\Windows\System\MfHCyzC.exe
  2⤵
  PID:7768
- C:\Windows\System\WuwmHNz.exe
  C:\Windows\System\WuwmHNz.exe
  2⤵
  PID:7824
- C:\Windows\System\qkzMyUj.exe
  C:\Windows\System\qkzMyUj.exe
  2⤵
  PID:7860
- C:\Windows\System\AJnuWIr.exe
  C:\Windows\System\AJnuWIr.exe
  2⤵
  PID:7960
- C:\Windows\System\YVvRPPY.exe
  C:\Windows\System\YVvRPPY.exe
  2⤵
  PID:8012
- C:\Windows\System\ieqTxUB.exe
  C:\Windows\System\ieqTxUB.exe
  2⤵
  PID:8048
- C:\Windows\System\aAOLYJR.exe
  C:\Windows\System\aAOLYJR.exe
  2⤵
  PID:8132
- C:\Windows\System\KyBGqwj.exe
  C:\Windows\System\KyBGqwj.exe
  2⤵
  PID:7512
- C:\Windows\System\AewwVeS.exe
  C:\Windows\System\AewwVeS.exe
  2⤵
  PID:7716
- C:\Windows\System\ezzsLTF.exe
  C:\Windows\System\ezzsLTF.exe
  2⤵
  PID:7776
- C:\Windows\System\DeJQtct.exe
  C:\Windows\System\DeJQtct.exe
  2⤵
  PID:7896
- C:\Windows\System\JxzvwHF.exe
  C:\Windows\System\JxzvwHF.exe
  2⤵
  PID:8068
- C:\Windows\System\LJTjwXy.exe
  C:\Windows\System\LJTjwXy.exe
  2⤵
  PID:3848
- C:\Windows\System\izypnlC.exe
  C:\Windows\System\izypnlC.exe
  2⤵
  PID:8024
- C:\Windows\System\WbVbEtc.exe
  C:\Windows\System\WbVbEtc.exe
  2⤵
  PID:7820
- C:\Windows\System\jxOZzdS.exe
  C:\Windows\System\jxOZzdS.exe
  2⤵
  PID:8220
- C:\Windows\System\JhgTFnW.exe
  C:\Windows\System\JhgTFnW.exe
  2⤵
  PID:8244
- C:\Windows\System\MzddZsq.exe
  C:\Windows\System\MzddZsq.exe
  2⤵
  PID:8280
- C:\Windows\System\GCGYoGh.exe
  C:\Windows\System\GCGYoGh.exe
  2⤵
  PID:8296
- C:\Windows\System\SYLdjyH.exe
  C:\Windows\System\SYLdjyH.exe
  2⤵
  PID:8316
- C:\Windows\System\crCVTBg.exe
  C:\Windows\System\crCVTBg.exe
  2⤵
  PID:8340
- C:\Windows\System\BwociCt.exe
  C:\Windows\System\BwociCt.exe
  2⤵
  PID:8372
- C:\Windows\System\ZgMIxqy.exe
  C:\Windows\System\ZgMIxqy.exe
  2⤵
  PID:8396
- C:\Windows\System\fyrNtrA.exe
  C:\Windows\System\fyrNtrA.exe
  2⤵
  PID:8420
- C:\Windows\System\vQvJbva.exe
  C:\Windows\System\vQvJbva.exe
  2⤵
  PID:8468
- C:\Windows\System\hWnAXof.exe
  C:\Windows\System\hWnAXof.exe
  2⤵
  PID:8504
- C:\Windows\System\drApZVT.exe
  C:\Windows\System\drApZVT.exe
  2⤵
  PID:8520
- C:\Windows\System\JhqjnPj.exe
  C:\Windows\System\JhqjnPj.exe
  2⤵
  PID:8548
- C:\Windows\System\HCOprJM.exe
  C:\Windows\System\HCOprJM.exe
  2⤵
  PID:8580
- C:\Windows\System\iLvSyJy.exe
  C:\Windows\System\iLvSyJy.exe
  2⤵
  PID:8616
- C:\Windows\System\uPFkJwq.exe
  C:\Windows\System\uPFkJwq.exe
  2⤵
  PID:8640
- C:\Windows\System\tIbhsBk.exe
  C:\Windows\System\tIbhsBk.exe
  2⤵
  PID:8668
- C:\Windows\System\FrExdnS.exe
  C:\Windows\System\FrExdnS.exe
  2⤵
  PID:8696
- C:\Windows\System\bKwYtSQ.exe
  C:\Windows\System\bKwYtSQ.exe
  2⤵
  PID:8712
- C:\Windows\System\yJpBkWh.exe
  C:\Windows\System\yJpBkWh.exe
  2⤵
  PID:8748
- C:\Windows\System\ODgHebw.exe
  C:\Windows\System\ODgHebw.exe
  2⤵
  PID:8780
- C:\Windows\System\lNSPULI.exe
  C:\Windows\System\lNSPULI.exe
  2⤵
  PID:8808
- C:\Windows\System\ZqHRHIA.exe
  C:\Windows\System\ZqHRHIA.exe
  2⤵
  PID:8848
- C:\Windows\System\HXwjhRs.exe
  C:\Windows\System\HXwjhRs.exe
  2⤵
  PID:8876
- C:\Windows\System\MJfDIxP.exe
  C:\Windows\System\MJfDIxP.exe
  2⤵
  PID:8900
- C:\Windows\System\EmQFnMb.exe
  C:\Windows\System\EmQFnMb.exe
  2⤵
  PID:8916
- C:\Windows\System\xWzQpct.exe
  C:\Windows\System\xWzQpct.exe
  2⤵
  PID:8936
- C:\Windows\System\YROlZKQ.exe
  C:\Windows\System\YROlZKQ.exe
  2⤵
  PID:8956
- C:\Windows\System\lXkYzim.exe
  C:\Windows\System\lXkYzim.exe
  2⤵
  PID:8984
- C:\Windows\System\UfSBXNB.exe
  C:\Windows\System\UfSBXNB.exe
  2⤵
  PID:9016
- C:\Windows\System\TDtvnXA.exe
  C:\Windows\System\TDtvnXA.exe
  2⤵
  PID:9052
- C:\Windows\System\DAJWwmw.exe
  C:\Windows\System\DAJWwmw.exe
  2⤵
  PID:9092
- C:\Windows\System\GmBEXNI.exe
  C:\Windows\System\GmBEXNI.exe
  2⤵
  PID:9124
- C:\Windows\System\xpamvEO.exe
  C:\Windows\System\xpamvEO.exe
  2⤵
  PID:9140
- C:\Windows\System\pltHDOu.exe
  C:\Windows\System\pltHDOu.exe
  2⤵
  PID:9168
- C:\Windows\System\ygybXZt.exe
  C:\Windows\System\ygybXZt.exe
  2⤵
  PID:9196
- C:\Windows\System\BSBLkSU.exe
  C:\Windows\System\BSBLkSU.exe
  2⤵
  PID:8236
- C:\Windows\System\qXRbxgD.exe
  C:\Windows\System\qXRbxgD.exe
  2⤵
  PID:8292
- C:\Windows\System\ePqbXpA.exe
  C:\Windows\System\ePqbXpA.exe
  2⤵
  PID:8392
- C:\Windows\System\yarCbsc.exe
  C:\Windows\System\yarCbsc.exe
  2⤵
  PID:8476
- C:\Windows\System\EzzlUJa.exe
  C:\Windows\System\EzzlUJa.exe
  2⤵
  PID:8512
- C:\Windows\System\VYwUEOi.exe
  C:\Windows\System\VYwUEOi.exe
  2⤵
  PID:8576
- C:\Windows\System\GMvfecu.exe
  C:\Windows\System\GMvfecu.exe
  2⤵
  PID:4376
- C:\Windows\System\UetogsJ.exe
  C:\Windows\System\UetogsJ.exe
  2⤵
  PID:8684
- C:\Windows\System\kYCYznX.exe
  C:\Windows\System\kYCYznX.exe
  2⤵
  PID:8728
- C:\Windows\System\FLHusnw.exe
  C:\Windows\System\FLHusnw.exe
  2⤵
  PID:8828
- C:\Windows\System\HyxFYzS.exe
  C:\Windows\System\HyxFYzS.exe
  2⤵
  PID:8888
- C:\Windows\System\wquATPm.exe
  C:\Windows\System\wquATPm.exe
  2⤵
  PID:8908
- C:\Windows\System\dgjmitc.exe
  C:\Windows\System\dgjmitc.exe
  2⤵
  PID:8980
- C:\Windows\System\DCSMenx.exe
  C:\Windows\System\DCSMenx.exe
  2⤵
  PID:9036
- C:\Windows\System\ufyGLlF.exe
  C:\Windows\System\ufyGLlF.exe
  2⤵
  PID:9076
- C:\Windows\System\TkUsaDy.exe
  C:\Windows\System\TkUsaDy.exe
  2⤵
  PID:9164
- C:\Windows\System\kofDPNf.exe
  C:\Windows\System\kofDPNf.exe
  2⤵
  PID:9188
- C:\Windows\System\tfdfPql.exe
  C:\Windows\System\tfdfPql.exe
  2⤵
  PID:8304
- C:\Windows\System\ALVAbCh.exe
  C:\Windows\System\ALVAbCh.exe
  2⤵
  PID:8416
- C:\Windows\System\mQtRyOP.exe
  C:\Windows\System\mQtRyOP.exe
  2⤵
  PID:8532
- C:\Windows\System\esSiUsP.exe
  C:\Windows\System\esSiUsP.exe
  2⤵
  PID:8636
- C:\Windows\System\TSIOyIh.exe
  C:\Windows\System\TSIOyIh.exe
  2⤵
  PID:8804
- C:\Windows\System\cvIsCjO.exe
  C:\Windows\System\cvIsCjO.exe
  2⤵
  PID:9084
- C:\Windows\System\iilVMIX.exe
  C:\Windows\System\iilVMIX.exe
  2⤵
  PID:2140
- C:\Windows\System\ZQlXZlK.exe
  C:\Windows\System\ZQlXZlK.exe
  2⤵
  PID:8196
- C:\Windows\System\urgnSKt.exe
  C:\Windows\System\urgnSKt.exe
  2⤵
  PID:8496
- C:\Windows\System\wJxdpWc.exe
  C:\Windows\System\wJxdpWc.exe
  2⤵
  PID:2684
- C:\Windows\System\PlwYhrS.exe
  C:\Windows\System\PlwYhrS.exe
  2⤵
  PID:8928
- C:\Windows\System\EbFnPZz.exe
  C:\Windows\System\EbFnPZz.exe
  2⤵
  PID:1124
- C:\Windows\System\niiVOlD.exe
  C:\Windows\System\niiVOlD.exe
  2⤵
  PID:9184
- C:\Windows\System\RaoxZGk.exe
  C:\Windows\System\RaoxZGk.exe
  2⤵
  PID:8912
- C:\Windows\System\ZOYbspR.exe
  C:\Windows\System\ZOYbspR.exe
  2⤵
  PID:9244
- C:\Windows\System\OWYdtsO.exe
  C:\Windows\System\OWYdtsO.exe
  2⤵
  PID:9272
- C:\Windows\System\YvOpbZm.exe
  C:\Windows\System\YvOpbZm.exe
  2⤵
  PID:9300
- C:\Windows\System\WLGGpej.exe
  C:\Windows\System\WLGGpej.exe
  2⤵
  PID:9316
- C:\Windows\System\vzWUoHG.exe
  C:\Windows\System\vzWUoHG.exe
  2⤵
  PID:9344
- C:\Windows\System\EUOrbbY.exe
  C:\Windows\System\EUOrbbY.exe
  2⤵
  PID:9388
- C:\Windows\System\BcmnSme.exe
  C:\Windows\System\BcmnSme.exe
  2⤵
  PID:9412
- C:\Windows\System\TKJUNEK.exe
  C:\Windows\System\TKJUNEK.exe
  2⤵
  PID:9432
- C:\Windows\System\XLmBqxh.exe
  C:\Windows\System\XLmBqxh.exe
  2⤵
  PID:9448
- C:\Windows\System\CpdmgGA.exe
  C:\Windows\System\CpdmgGA.exe
  2⤵
  PID:9496
- C:\Windows\System\LFZeZZk.exe
  C:\Windows\System\LFZeZZk.exe
  2⤵
  PID:9520
- C:\Windows\System\SJIiGIu.exe
  C:\Windows\System\SJIiGIu.exe
  2⤵
  PID:9540
- C:\Windows\System\zBUIJXi.exe
  C:\Windows\System\zBUIJXi.exe
  2⤵
  PID:9576
- C:\Windows\System\NCEDCyu.exe
  C:\Windows\System\NCEDCyu.exe
  2⤵
  PID:9604
- C:\Windows\System\xPsWWyT.exe
  C:\Windows\System\xPsWWyT.exe
  2⤵
  PID:9628
- C:\Windows\System\rLWyGzr.exe
  C:\Windows\System\rLWyGzr.exe
  2⤵
  PID:9660
- C:\Windows\System\UOABCrm.exe
  C:\Windows\System\UOABCrm.exe
  2⤵
  PID:9688
- C:\Windows\System\AcaZdXo.exe
  C:\Windows\System\AcaZdXo.exe
  2⤵
  PID:9716
- C:\Windows\System\FMEKPUM.exe
  C:\Windows\System\FMEKPUM.exe
  2⤵
  PID:9736
- C:\Windows\System\zYoByrK.exe
  C:\Windows\System\zYoByrK.exe
  2⤵
  PID:9760
- C:\Windows\System\yDIgEyb.exe
  C:\Windows\System\yDIgEyb.exe
  2⤵
  PID:9796
- C:\Windows\System\BFpynWN.exe
  C:\Windows\System\BFpynWN.exe
  2⤵
  PID:9840
- C:\Windows\System\KxkEIeC.exe
  C:\Windows\System\KxkEIeC.exe
  2⤵
  PID:9856
- C:\Windows\System\IZLcjra.exe
  C:\Windows\System\IZLcjra.exe
  2⤵
  PID:9892
- C:\Windows\System\KEdHUyi.exe
  C:\Windows\System\KEdHUyi.exe
  2⤵
  PID:9912
- C:\Windows\System\EiGBhkZ.exe
  C:\Windows\System\EiGBhkZ.exe
  2⤵
  PID:9940
- C:\Windows\System\fZRTmxi.exe
  C:\Windows\System\fZRTmxi.exe
  2⤵
  PID:9976
- C:\Windows\System\okgFysj.exe
  C:\Windows\System\okgFysj.exe
  2⤵
  PID:10008
- C:\Windows\System\GESQojh.exe
  C:\Windows\System\GESQojh.exe
  2⤵
  PID:10032
- C:\Windows\System\TjfEgZS.exe
  C:\Windows\System\TjfEgZS.exe
  2⤵
  PID:10052
- C:\Windows\System\onCYWsW.exe
  C:\Windows\System\onCYWsW.exe
  2⤵
  PID:10084
- C:\Windows\System\aToxEld.exe
  C:\Windows\System\aToxEld.exe
  2⤵
  PID:10108
- C:\Windows\System\SsKCFCf.exe
  C:\Windows\System\SsKCFCf.exe
  2⤵
  PID:10124
- C:\Windows\System\HbkIeSb.exe
  C:\Windows\System\HbkIeSb.exe
  2⤵
  PID:10176
- C:\Windows\System\bgNPlws.exe
  C:\Windows\System\bgNPlws.exe
  2⤵
  PID:10204
- C:\Windows\System\gXykIrY.exe
  C:\Windows\System\gXykIrY.exe
  2⤵
  PID:10232
- C:\Windows\System\FxNpQum.exe
  C:\Windows\System\FxNpQum.exe
  2⤵
  PID:9240
- C:\Windows\System\fWfWcOc.exe
  C:\Windows\System\fWfWcOc.exe
  2⤵
  PID:9308
- C:\Windows\System\mTKQbBL.exe
  C:\Windows\System\mTKQbBL.exe
  2⤵
  PID:9380
- C:\Windows\System\GHfiybx.exe
  C:\Windows\System\GHfiybx.exe
  2⤵
  PID:9424
- C:\Windows\System\FCvJBlQ.exe
  C:\Windows\System\FCvJBlQ.exe
  2⤵
  PID:9512
- C:\Windows\System\pwyGtPG.exe
  C:\Windows\System\pwyGtPG.exe
  2⤵
  PID:9536
- C:\Windows\System\pWXlXkm.exe
  C:\Windows\System\pWXlXkm.exe
  2⤵
  PID:9648
- C:\Windows\System\eXKacNL.exe
  C:\Windows\System\eXKacNL.exe
  2⤵
  PID:9680
- C:\Windows\System\gFsUWJe.exe
  C:\Windows\System\gFsUWJe.exe
  2⤵
  PID:9772
- C:\Windows\System\gdcpAhn.exe
  C:\Windows\System\gdcpAhn.exe
  2⤵
  PID:9836
- C:\Windows\System\rToZpnF.exe
  C:\Windows\System\rToZpnF.exe
  2⤵
  PID:9908
- C:\Windows\System\ahhjJDK.exe
  C:\Windows\System\ahhjJDK.exe
  2⤵
  PID:10000
- C:\Windows\System\WigDSKW.exe
  C:\Windows\System\WigDSKW.exe
  2⤵
  PID:10016
- C:\Windows\System\HuFplEz.exe
  C:\Windows\System\HuFplEz.exe
  2⤵
  PID:10140
- C:\Windows\System\bNRPdCh.exe
  C:\Windows\System\bNRPdCh.exe
  2⤵
  PID:10120
- C:\Windows\System\zDTfcPF.exe
  C:\Windows\System\zDTfcPF.exe
  2⤵
  PID:9236
- C:\Windows\System\pwJUexk.exe
  C:\Windows\System\pwJUexk.exe
  2⤵
  PID:9260
- C:\Windows\System\gQmMiwn.exe
  C:\Windows\System\gQmMiwn.exe
  2⤵
  PID:9468
- C:\Windows\System\tgXjsma.exe
  C:\Windows\System\tgXjsma.exe
  2⤵
  PID:9640
- C:\Windows\System\CnzBwwi.exe
  C:\Windows\System\CnzBwwi.exe
  2⤵
  PID:9732
- C:\Windows\System\csrXkEN.exe
  C:\Windows\System\csrXkEN.exe
  2⤵
  PID:9952
- C:\Windows\System\ILsvMAj.exe
  C:\Windows\System\ILsvMAj.exe
  2⤵
  PID:10072
- C:\Windows\System\VVUprDE.exe
  C:\Windows\System\VVUprDE.exe
  2⤵
  PID:9284
- C:\Windows\System\bgfQkcA.exe
  C:\Windows\System\bgfQkcA.exe
  2⤵
  PID:9644
- C:\Windows\System\lCsmVXe.exe
  C:\Windows\System\lCsmVXe.exe
  2⤵
  PID:9476
- C:\Windows\System\jOWMccZ.exe
  C:\Windows\System\jOWMccZ.exe
  2⤵
  PID:10200
- C:\Windows\System\PQUakHC.exe
  C:\Windows\System\PQUakHC.exe
  2⤵
  PID:1328
- C:\Windows\System\OcdpDRw.exe
  C:\Windows\System\OcdpDRw.exe
  2⤵
  PID:9852
- C:\Windows\System\tXiwgIm.exe
  C:\Windows\System\tXiwgIm.exe
  2⤵
  PID:4536
- C:\Windows\System\NUFCeTE.exe
  C:\Windows\System\NUFCeTE.exe
  2⤵
  PID:10260
- C:\Windows\System\PXgmacX.exe
  C:\Windows\System\PXgmacX.exe
  2⤵
  PID:10288
- C:\Windows\System\RIoydQG.exe
  C:\Windows\System\RIoydQG.exe
  2⤵
  PID:10344
- C:\Windows\System\iiJVOpE.exe
  C:\Windows\System\iiJVOpE.exe
  2⤵
  PID:10360
- C:\Windows\System\jjTkxPO.exe
  C:\Windows\System\jjTkxPO.exe
  2⤵
  PID:10388
- C:\Windows\System\BewjoMw.exe
  C:\Windows\System\BewjoMw.exe
  2⤵
  PID:10424
- C:\Windows\System\lWdfRNR.exe
  C:\Windows\System\lWdfRNR.exe
  2⤵
  PID:10440
- C:\Windows\System\vSHnCCd.exe
  C:\Windows\System\vSHnCCd.exe
  2⤵
  PID:10460
- C:\Windows\System\GZVDTrh.exe
  C:\Windows\System\GZVDTrh.exe
  2⤵
  PID:10488
- C:\Windows\System\fDyfpLG.exe
  C:\Windows\System\fDyfpLG.exe
  2⤵
  PID:10524
- C:\Windows\System\YYZNyWn.exe
  C:\Windows\System\YYZNyWn.exe
  2⤵
  PID:10544
- C:\Windows\System\NutRXTJ.exe
  C:\Windows\System\NutRXTJ.exe
  2⤵
  PID:10560
- C:\Windows\System\feAcYmC.exe
  C:\Windows\System\feAcYmC.exe
  2⤵
  PID:10596
- C:\Windows\System\eJstnMC.exe
  C:\Windows\System\eJstnMC.exe
  2⤵
  PID:10648
- C:\Windows\System\vdykFCy.exe
  C:\Windows\System\vdykFCy.exe
  2⤵
  PID:10668
- C:\Windows\System\UAZbcLR.exe
  C:\Windows\System\UAZbcLR.exe
  2⤵
  PID:10692
- C:\Windows\System\yvifaAc.exe
  C:\Windows\System\yvifaAc.exe
  2⤵
  PID:10728
- C:\Windows\System\UseeIHM.exe
  C:\Windows\System\UseeIHM.exe
  2⤵
  PID:10760
- C:\Windows\System\sYcgeJd.exe
  C:\Windows\System\sYcgeJd.exe
  2⤵
  PID:10780
- C:\Windows\System\mHctFmq.exe
  C:\Windows\System\mHctFmq.exe
  2⤵
  PID:10820
- C:\Windows\System\IFLjjkZ.exe
  C:\Windows\System\IFLjjkZ.exe
  2⤵
  PID:10836
- C:\Windows\System\PBibeXz.exe
  C:\Windows\System\PBibeXz.exe
  2⤵
  PID:10868
- C:\Windows\System\YvxJAyh.exe
  C:\Windows\System\YvxJAyh.exe
  2⤵
  PID:10892
- C:\Windows\System\bQLbAdA.exe
  C:\Windows\System\bQLbAdA.exe
  2⤵
  PID:10920
- C:\Windows\System\ocmQyFM.exe
  C:\Windows\System\ocmQyFM.exe
  2⤵
  PID:10952
- C:\Windows\System\KLVDcWH.exe
  C:\Windows\System\KLVDcWH.exe
  2⤵
  PID:10988
- C:\Windows\System\yZedZhs.exe
  C:\Windows\System\yZedZhs.exe
  2⤵
  PID:11020
- C:\Windows\System\KrVKPyx.exe
  C:\Windows\System\KrVKPyx.exe
  2⤵
  PID:11048
- C:\Windows\System\NBYGVQg.exe
  C:\Windows\System\NBYGVQg.exe
  2⤵
  PID:11068
- C:\Windows\System\tuNIScH.exe
  C:\Windows\System\tuNIScH.exe
  2⤵
  PID:11100
- C:\Windows\System\fhdsbef.exe
  C:\Windows\System\fhdsbef.exe
  2⤵
  PID:11144
- C:\Windows\System\jyFeLLm.exe
  C:\Windows\System\jyFeLLm.exe
  2⤵
  PID:11160
- C:\Windows\System\dKQBisl.exe
  C:\Windows\System\dKQBisl.exe
  2⤵
  PID:11200
- C:\Windows\System\delYzFp.exe
  C:\Windows\System\delYzFp.exe
  2⤵
  PID:11216
- C:\Windows\System\QdVXuzB.exe
  C:\Windows\System\QdVXuzB.exe
  2⤵
  PID:11244
- C:\Windows\System\vQJgWwO.exe
  C:\Windows\System\vQJgWwO.exe
  2⤵
  PID:10224
- C:\Windows\System\HubaYQo.exe
  C:\Windows\System\HubaYQo.exe
  2⤵
  PID:10316
- C:\Windows\System\JsARSfB.exe
  C:\Windows\System\JsARSfB.exe
  2⤵
  PID:10400
- C:\Windows\System\eRFjxTv.exe
  C:\Windows\System\eRFjxTv.exe
  2⤵
  PID:10472
- C:\Windows\System\ozUBitQ.exe
  C:\Windows\System\ozUBitQ.exe
  2⤵
  PID:10552
- C:\Windows\System\mcnQxBc.exe
  C:\Windows\System\mcnQxBc.exe
  2⤵
  PID:10584
- C:\Windows\System\hBkFpLy.exe
  C:\Windows\System\hBkFpLy.exe
  2⤵
  PID:4392
- C:\Windows\System\DhjKUro.exe
  C:\Windows\System\DhjKUro.exe
  2⤵
  PID:10676
- C:\Windows\System\HMbxLIp.exe
  C:\Windows\System\HMbxLIp.exe
  2⤵
  PID:10772
- C:\Windows\System\lIUTyFb.exe
  C:\Windows\System\lIUTyFb.exe
  2⤵
  PID:10852
- C:\Windows\System\CKVAhnq.exe
  C:\Windows\System\CKVAhnq.exe
  2⤵
  PID:10908
- C:\Windows\System\aGJombu.exe
  C:\Windows\System\aGJombu.exe
  2⤵
  PID:10972
- C:\Windows\System\HdHVeIg.exe
  C:\Windows\System\HdHVeIg.exe
  2⤵
  PID:11056
- C:\Windows\System\jkfPVEW.exe
  C:\Windows\System\jkfPVEW.exe
  2⤵
  PID:11152
- C:\Windows\System\RSKXdgN.exe
  C:\Windows\System\RSKXdgN.exe
  2⤵
  PID:11196
- C:\Windows\System\Nzhtenr.exe
  C:\Windows\System\Nzhtenr.exe
  2⤵
  PID:10248
- C:\Windows\System\IoGTENk.exe
  C:\Windows\System\IoGTENk.exe
  2⤵
  PID:10272
- C:\Windows\System\oFBgQzG.exe
  C:\Windows\System\oFBgQzG.exe
  2⤵
  PID:10452
- C:\Windows\System\gEpTWHD.exe
  C:\Windows\System\gEpTWHD.exe
  2⤵
  PID:10532
- C:\Windows\System\UbvqvXR.exe
  C:\Windows\System\UbvqvXR.exe
  2⤵
  PID:10752
- C:\Windows\System\rMJlEDQ.exe
  C:\Windows\System\rMJlEDQ.exe
  2⤵
  PID:10876
- C:\Windows\System\MhkMOqn.exe
  C:\Windows\System\MhkMOqn.exe
  2⤵
  PID:11012
- C:\Windows\System\gScHuJu.exe
  C:\Windows\System\gScHuJu.exe
  2⤵
  PID:11192
- C:\Windows\System\ttsqvgJ.exe
  C:\Windows\System\ttsqvgJ.exe
  2⤵
  PID:10580
- C:\Windows\System\XvpIqpS.exe
  C:\Windows\System\XvpIqpS.exe
  2⤵
  PID:10912
- C:\Windows\System\pjPPtTk.exe
  C:\Windows\System\pjPPtTk.exe
  2⤵
  PID:10252
- C:\Windows\System\WYNitFF.exe
  C:\Windows\System\WYNitFF.exe
  2⤵
  PID:10380
- C:\Windows\System\USeKbaA.exe
  C:\Windows\System\USeKbaA.exe
  2⤵
  PID:11268
- C:\Windows\System\MNjIoeT.exe
  C:\Windows\System\MNjIoeT.exe
  2⤵
  PID:11296
- C:\Windows\System\NmggJnq.exe
  C:\Windows\System\NmggJnq.exe
  2⤵
  PID:11328
- C:\Windows\System\nSDnTon.exe
  C:\Windows\System\nSDnTon.exe
  2⤵
  PID:11352
- C:\Windows\System\qKRosjO.exe
  C:\Windows\System\qKRosjO.exe
  2⤵
  PID:11392
- C:\Windows\System\IdFPtMm.exe
  C:\Windows\System\IdFPtMm.exe
  2⤵
  PID:11420
- C:\Windows\System\NYQfTiw.exe
  C:\Windows\System\NYQfTiw.exe
  2⤵
  PID:11448
- C:\Windows\System\vWhCXWT.exe
  C:\Windows\System\vWhCXWT.exe
  2⤵
  PID:11476
- C:\Windows\System\TaVgzcr.exe
  C:\Windows\System\TaVgzcr.exe
  2⤵
  PID:11504
- C:\Windows\System\lOgIbqO.exe
  C:\Windows\System\lOgIbqO.exe
  2⤵
  PID:11532
- C:\Windows\System\vknzEBl.exe
  C:\Windows\System\vknzEBl.exe
  2⤵
  PID:11560
- C:\Windows\System\fWrefvw.exe
  C:\Windows\System\fWrefvw.exe
  2⤵
  PID:11588
- C:\Windows\System\IRWKysm.exe
  C:\Windows\System\IRWKysm.exe
  2⤵
  PID:11612
- C:\Windows\System\rTLiDBw.exe
  C:\Windows\System\rTLiDBw.exe
  2⤵
  PID:11636
- C:\Windows\System\TrvfCSG.exe
  C:\Windows\System\TrvfCSG.exe
  2⤵
  PID:11672
- C:\Windows\System\CYHYBRF.exe
  C:\Windows\System\CYHYBRF.exe
  2⤵
  PID:11692
- C:\Windows\System\YVCkTDT.exe
  C:\Windows\System\YVCkTDT.exe
  2⤵
  PID:11716
- C:\Windows\System\qgyYeoZ.exe
  C:\Windows\System\qgyYeoZ.exe
  2⤵
  PID:11744
- C:\Windows\System\szLlevS.exe
  C:\Windows\System\szLlevS.exe
  2⤵
  PID:11784
- C:\Windows\System\gjFanYr.exe
  C:\Windows\System\gjFanYr.exe
  2⤵
  PID:11804
- C:\Windows\System\CNOJRIR.exe
  C:\Windows\System\CNOJRIR.exe
  2⤵
  PID:11840
- C:\Windows\System\Zrabgrr.exe
  C:\Windows\System\Zrabgrr.exe
  2⤵
  PID:11856
- C:\Windows\System\FEfXkdO.exe
  C:\Windows\System\FEfXkdO.exe
  2⤵
  PID:11888
- C:\Windows\System\WTwcEEd.exe
  C:\Windows\System\WTwcEEd.exe
  2⤵
  PID:11920
- C:\Windows\System\AsHDvUs.exe
  C:\Windows\System\AsHDvUs.exe
  2⤵
  PID:11940
- C:\Windows\System\RfJWUAY.exe
  C:\Windows\System\RfJWUAY.exe
  2⤵
  PID:11980
- C:\Windows\System\wSbHcbZ.exe
  C:\Windows\System\wSbHcbZ.exe
  2⤵
  PID:12008
- C:\Windows\System\JYBbYRi.exe
  C:\Windows\System\JYBbYRi.exe
  2⤵
  PID:12036
- C:\Windows\System\HFiwAqJ.exe
  C:\Windows\System\HFiwAqJ.exe
  2⤵
  PID:12052
- C:\Windows\System\CqRQkDp.exe
  C:\Windows\System\CqRQkDp.exe
  2⤵
  PID:12080
- C:\Windows\System\uVEzSOU.exe
  C:\Windows\System\uVEzSOU.exe
  2⤵
  PID:12112
- C:\Windows\System\tyAXqTZ.exe
  C:\Windows\System\tyAXqTZ.exe
  2⤵
  PID:12136
- C:\Windows\System\AzvUNss.exe
  C:\Windows\System\AzvUNss.exe
  2⤵
  PID:12164
- C:\Windows\System\vpHipXy.exe
  C:\Windows\System\vpHipXy.exe
  2⤵
  PID:12192
- C:\Windows\System\zuxXgoG.exe
  C:\Windows\System\zuxXgoG.exe
  2⤵
  PID:12232
- C:\Windows\System\HTTmiYN.exe
  C:\Windows\System\HTTmiYN.exe
  2⤵
  PID:12252
- C:\Windows\System\WoAtAIg.exe
  C:\Windows\System\WoAtAIg.exe
  2⤵
  PID:12276
- C:\Windows\System\qmacTxW.exe
  C:\Windows\System\qmacTxW.exe
  2⤵
  PID:11288
- C:\Windows\System\GDFAcZt.exe
  C:\Windows\System\GDFAcZt.exe
  2⤵
  PID:11364
- C:\Windows\System\aDYqBxZ.exe
  C:\Windows\System\aDYqBxZ.exe
  2⤵
  PID:11460
- C:\Windows\System\CConnNh.exe
  C:\Windows\System\CConnNh.exe
  2⤵
  PID:11520
- C:\Windows\System\ZGUwnsN.exe
  C:\Windows\System\ZGUwnsN.exe
  2⤵
  PID:11556
- C:\Windows\System\WzxUjsS.exe
  C:\Windows\System\WzxUjsS.exe
  2⤵
  PID:11624
- C:\Windows\System\dzmJoXp.exe
  C:\Windows\System\dzmJoXp.exe
  2⤵
  PID:11700
- C:\Windows\System\ClCcAUX.exe
  C:\Windows\System\ClCcAUX.exe
  2⤵
  PID:11756
- C:\Windows\System\rzzTmob.exe
  C:\Windows\System\rzzTmob.exe
  2⤵
  PID:11824
- C:\Windows\System\wYPMYZT.exe
  C:\Windows\System\wYPMYZT.exe
  2⤵
  PID:11868
- C:\Windows\System\TWpNILU.exe
  C:\Windows\System\TWpNILU.exe
  2⤵
  PID:11972
- C:\Windows\System\HHyZVhd.exe
  C:\Windows\System\HHyZVhd.exe
  2⤵
  PID:12028
- C:\Windows\System\WSlBmCO.exe
  C:\Windows\System\WSlBmCO.exe
  2⤵
  PID:12092
- C:\Windows\System\jFLGAao.exe
  C:\Windows\System\jFLGAao.exe
  2⤵
  PID:12152
- C:\Windows\System\LbIIDnb.exe
  C:\Windows\System\LbIIDnb.exe
  2⤵
  PID:12260
- C:\Windows\System\EipigjC.exe
  C:\Windows\System\EipigjC.exe
  2⤵
  PID:10860
- C:\Windows\System\sEIXUvH.exe
  C:\Windows\System\sEIXUvH.exe
  2⤵
  PID:11436
- C:\Windows\System\msTTmKp.exe
  C:\Windows\System\msTTmKp.exe
  2⤵
  PID:11604
- C:\Windows\System\KpvtQTq.exe
  C:\Windows\System\KpvtQTq.exe
  2⤵
  PID:11176
- C:\Windows\System\WTZgVHz.exe
  C:\Windows\System\WTZgVHz.exe
  2⤵
  PID:11876
- C:\Windows\System\xFaBkpZ.exe
  C:\Windows\System\xFaBkpZ.exe
  2⤵
  PID:11932
- C:\Windows\System\sLyJhEm.exe
  C:\Windows\System\sLyJhEm.exe
  2⤵
  PID:12104
- C:\Windows\System\HwVBLtX.exe
  C:\Windows\System\HwVBLtX.exe
  2⤵
  PID:11432
- C:\Windows\System\FrpiilE.exe
  C:\Windows\System\FrpiilE.exe
  2⤵
  PID:11708
- C:\Windows\System\VkQzuUB.exe
  C:\Windows\System\VkQzuUB.exe
  2⤵
  PID:11904
- C:\Windows\System\UKHFKFk.exe
  C:\Windows\System\UKHFKFk.exe
  2⤵
  PID:11060
- C:\Windows\System\OZZEviR.exe
  C:\Windows\System\OZZEviR.exe
  2⤵
  PID:11848
- C:\Windows\System\hEBMlZf.exe
  C:\Windows\System\hEBMlZf.exe
  2⤵
  PID:12300
- C:\Windows\System\tlnngAq.exe
  C:\Windows\System\tlnngAq.exe
  2⤵
  PID:12328
- C:\Windows\System\CjsKixP.exe
  C:\Windows\System\CjsKixP.exe
  2⤵
  PID:12356
- C:\Windows\System\rtIlauW.exe
  C:\Windows\System\rtIlauW.exe
  2⤵
  PID:12392
- C:\Windows\System\JKdVkhf.exe
  C:\Windows\System\JKdVkhf.exe
  2⤵
  PID:12424
- C:\Windows\System\fDTpvlj.exe
  C:\Windows\System\fDTpvlj.exe
  2⤵
  PID:12452
- C:\Windows\System\lTEZqsn.exe
  C:\Windows\System\lTEZqsn.exe
  2⤵
  PID:12468
- C:\Windows\System\DfZsSrj.exe
  C:\Windows\System\DfZsSrj.exe
  2⤵
  PID:12500
- C:\Windows\System\lVaxwhA.exe
  C:\Windows\System\lVaxwhA.exe
  2⤵
  PID:12524
- C:\Windows\System\tHLksZX.exe
  C:\Windows\System\tHLksZX.exe
  2⤵
  PID:12552
- C:\Windows\System\YbyJXOP.exe
  C:\Windows\System\YbyJXOP.exe
  2⤵
  PID:12580
- C:\Windows\System\rAakoAt.exe
  C:\Windows\System\rAakoAt.exe
  2⤵
  PID:12608
- C:\Windows\System\asZCGxN.exe
  C:\Windows\System\asZCGxN.exe
  2⤵
  PID:12636
- C:\Windows\System\RUJkNtS.exe
  C:\Windows\System\RUJkNtS.exe
  2⤵
  PID:12656
- C:\Windows\System\NmulUlD.exe
  C:\Windows\System\NmulUlD.exe
  2⤵
  PID:12692
- C:\Windows\System\sdZgLXu.exe
  C:\Windows\System\sdZgLXu.exe
  2⤵
  PID:12732
- C:\Windows\System\wycoXdI.exe
  C:\Windows\System\wycoXdI.exe
  2⤵
  PID:12760
- C:\Windows\System\juxDIPP.exe
  C:\Windows\System\juxDIPP.exe
  2⤵
  PID:12788
- C:\Windows\System\qOlNvMn.exe
  C:\Windows\System\qOlNvMn.exe
  2⤵
  PID:12812
- C:\Windows\System\wqqDtOd.exe
  C:\Windows\System\wqqDtOd.exe
  2⤵
  PID:12832
- C:\Windows\System\PRUpBKe.exe
  C:\Windows\System\PRUpBKe.exe
  2⤵
  PID:12872
- C:\Windows\System\ZeotNFU.exe
  C:\Windows\System\ZeotNFU.exe
  2⤵
  PID:12900
- C:\Windows\System\wTjxgdL.exe
  C:\Windows\System\wTjxgdL.exe
  2⤵
  PID:12928
- C:\Windows\System\fLpbGEZ.exe
  C:\Windows\System\fLpbGEZ.exe
  2⤵
  PID:12956
- C:\Windows\System\ganlLLW.exe
  C:\Windows\System\ganlLLW.exe
  2⤵
  PID:12984
- C:\Windows\System\KHtrkGp.exe
  C:\Windows\System\KHtrkGp.exe
  2⤵
  PID:13000
- C:\Windows\System\IUlSlOa.exe
  C:\Windows\System\IUlSlOa.exe
  2⤵
  PID:13040
- C:\Windows\System\sJLEeet.exe
  C:\Windows\System\sJLEeet.exe
  2⤵
  PID:13056
- C:\Windows\System\muyNXCg.exe
  C:\Windows\System\muyNXCg.exe
  2⤵
  PID:13096
- C:\Windows\System\ecSwKVP.exe
  C:\Windows\System\ecSwKVP.exe
  2⤵
  PID:13124
- C:\Windows\System\tyLTDpY.exe
  C:\Windows\System\tyLTDpY.exe
  2⤵
  PID:13148
- C:\Windows\System\OpNlpzk.exe
  C:\Windows\System\OpNlpzk.exe
  2⤵
  PID:13168
- C:\Windows\System\pZuUMbl.exe
  C:\Windows\System\pZuUMbl.exe
  2⤵
  PID:13208
- C:\Windows\System\dexMYqs.exe
  C:\Windows\System\dexMYqs.exe
  2⤵
  PID:13228
- C:\Windows\System\lhEBQVv.exe
  C:\Windows\System\lhEBQVv.exe
  2⤵
  PID:13244
- C:\Windows\System\RzSYgNI.exe
  C:\Windows\System\RzSYgNI.exe
  2⤵
  PID:13264
- C:\Windows\System\SYNKqUj.exe
  C:\Windows\System\SYNKqUj.exe
  2⤵
  PID:13284
- C:\Windows\System\BAAhOHQ.exe
  C:\Windows\System\BAAhOHQ.exe
  2⤵
  PID:11552
- C:\Windows\System\eLehsRH.exe
  C:\Windows\System\eLehsRH.exe
  2⤵
  PID:12408
- C:\Windows\System\CbsVUql.exe
  C:\Windows\System\CbsVUql.exe
  2⤵
  PID:12440
- C:\Windows\System\mfYhOdS.exe
  C:\Windows\System\mfYhOdS.exe
  2⤵
  PID:12536
- C:\Windows\System\tSHBEgE.exe
  C:\Windows\System\tSHBEgE.exe
  2⤵
  PID:12596
- C:\Windows\System\zVAjTxS.exe
  C:\Windows\System\zVAjTxS.exe
  2⤵
  PID:12676
- C:\Windows\System\ZNpWSBo.exe
  C:\Windows\System\ZNpWSBo.exe
  2⤵
  PID:12728
- C:\Windows\System\DTlGQtf.exe
  C:\Windows\System\DTlGQtf.exe
  2⤵
  PID:12776
- C:\Windows\System\redCInM.exe
  C:\Windows\System\redCInM.exe
  2⤵
  PID:12868
- C:\Windows\System\dOhjyYZ.exe
  C:\Windows\System\dOhjyYZ.exe
  2⤵
  PID:12944
- C:\Windows\System\CbVZAWD.exe
  C:\Windows\System\CbVZAWD.exe
  2⤵
  PID:12992
- C:\Windows\System\zfhjWUb.exe
  C:\Windows\System\zfhjWUb.exe
  2⤵
  PID:13048
- C:\Windows\System\IgqTOAi.exe
  C:\Windows\System\IgqTOAi.exe
  2⤵
  PID:13092
- C:\Windows\System\MODKhqV.exe
  C:\Windows\System\MODKhqV.exe
  2⤵
  PID:13160
- C:\Windows\System\lPzRYwV.exe
  C:\Windows\System\lPzRYwV.exe
  2⤵
  PID:13184
- C:\Windows\System\ymYVmHy.exe
  C:\Windows\System\ymYVmHy.exe
  2⤵
  PID:12368
- C:\Windows\System\IjvUXeC.exe
  C:\Windows\System\IjvUXeC.exe
  2⤵
  PID:12544
- C:\Windows\System\CBMpBwl.exe
  C:\Windows\System\CBMpBwl.exe
  2⤵
  PID:12648
- C:\Windows\System\aPTyizi.exe
  C:\Windows\System\aPTyizi.exe
  2⤵
  PID:12756
- C:\Windows\System\sujbBpV.exe
  C:\Windows\System\sujbBpV.exe
  2⤵
  PID:12976
- C:\Windows\System\dQeccsu.exe
  C:\Windows\System\dQeccsu.exe
  2⤵
  PID:13032
- C:\Windows\System\EhkrbhY.exe
  C:\Windows\System\EhkrbhY.exe
  2⤵
  PID:13296
- C:\Windows\System\HMcAGqA.exe
  C:\Windows\System\HMcAGqA.exe
  2⤵
  PID:12372
- C:\Windows\System\mzYNVlH.exe
  C:\Windows\System\mzYNVlH.exe
  2⤵
  PID:12520
- C:\Windows\System\TMAGoxT.exe
  C:\Windows\System\TMAGoxT.exe
  2⤵
  PID:13080
- C:\Windows\System\eOKCHUN.exe
  C:\Windows\System\eOKCHUN.exe
  2⤵
  PID:12920
- C:\Windows\System\MMQZNXP.exe
  C:\Windows\System\MMQZNXP.exe
  2⤵
  PID:13164
- C:\Windows\System\CtMWZCJ.exe
  C:\Windows\System\CtMWZCJ.exe
  2⤵
  PID:13340
- C:\Windows\System\rPewUee.exe
  C:\Windows\System\rPewUee.exe
  2⤵
  PID:13356
- C:\Windows\System\GYlVtZa.exe
  C:\Windows\System\GYlVtZa.exe
  2⤵
  PID:13384
- C:\Windows\System\XPprDRF.exe
  C:\Windows\System\XPprDRF.exe
  2⤵
  PID:13428
- C:\Windows\System\KLwZcTl.exe
  C:\Windows\System\KLwZcTl.exe
  2⤵
  PID:13456
- C:\Windows\System\GtVgbog.exe
  C:\Windows\System\GtVgbog.exe
  2⤵
  PID:13484
- C:\Windows\System\qzXZwHE.exe
  C:\Windows\System\qzXZwHE.exe
  2⤵
  PID:13512
- C:\Windows\System\WzltBYw.exe
  C:\Windows\System\WzltBYw.exe
  2⤵
  PID:13528
- C:\Windows\System\rAVPWAV.exe
  C:\Windows\System\rAVPWAV.exe
  2⤵
  PID:13556
- C:\Windows\System\IjKrBsO.exe
  C:\Windows\System\IjKrBsO.exe
  2⤵
  PID:13596
- C:\Windows\System\BqRTIIR.exe
  C:\Windows\System\BqRTIIR.exe
  2⤵
  PID:13624
- C:\Windows\System\rpJMWnN.exe
  C:\Windows\System\rpJMWnN.exe
  2⤵
  PID:13652
- C:\Windows\System\aAvYeCS.exe
  C:\Windows\System\aAvYeCS.exe
  2⤵
  PID:13680
- C:\Windows\System\ngZbGqa.exe
  C:\Windows\System\ngZbGqa.exe
  2⤵
  PID:13708
- C:\Windows\System\RDoNasO.exe
  C:\Windows\System\RDoNasO.exe
  2⤵
  PID:13736
- C:\Windows\System\gAmwVsw.exe
  C:\Windows\System\gAmwVsw.exe
  2⤵
  PID:13772
- C:\Windows\System\sabcdds.exe
  C:\Windows\System\sabcdds.exe
  2⤵
  PID:13796
- C:\Windows\System\hNAJLfh.exe
  C:\Windows\System\hNAJLfh.exe
  2⤵
  PID:13824
- C:\Windows\System\gpExPis.exe
  C:\Windows\System\gpExPis.exe
  2⤵
  PID:13852
- C:\Windows\System\wUjtIWS.exe
  C:\Windows\System\wUjtIWS.exe
  2⤵
  PID:13876
- C:\Windows\System\WBVjJkV.exe
  C:\Windows\System\WBVjJkV.exe
  2⤵
  PID:13896
- C:\Windows\System\hRoopVQ.exe
  C:\Windows\System\hRoopVQ.exe
  2⤵
  PID:13924
- C:\Windows\System\llyOQme.exe
  C:\Windows\System\llyOQme.exe
  2⤵
  PID:13964
- C:\Windows\System\ahtRUEt.exe
  C:\Windows\System\ahtRUEt.exe
  2⤵
  PID:13984
- C:\Windows\System\AnYwGYX.exe
  C:\Windows\System\AnYwGYX.exe
  2⤵
  PID:14008
- C:\Windows\System\ldELsJo.exe
  C:\Windows\System\ldELsJo.exe
  2⤵
  PID:14036
- C:\Windows\System\UeUrbQe.exe
  C:\Windows\System\UeUrbQe.exe
  2⤵
  PID:14056
- C:\Windows\System\PlCCGIn.exe
  C:\Windows\System\PlCCGIn.exe
  2⤵
  PID:14076
- C:\Windows\System\fxWNaWc.exe
  C:\Windows\System\fxWNaWc.exe
  2⤵
  PID:14124
- C:\Windows\System\OKIHvwd.exe
  C:\Windows\System\OKIHvwd.exe
  2⤵
  PID:14148
- C:\Windows\System\JRGtAKK.exe
  C:\Windows\System\JRGtAKK.exe
  2⤵
  PID:14168
- C:\Windows\System\SZqFNVg.exe
  C:\Windows\System\SZqFNVg.exe
  2⤵
  PID:14196
- C:\Windows\System\vaTQBlk.exe
  C:\Windows\System\vaTQBlk.exe
  2⤵
  PID:14228
- C:\Windows\System\FpyVKem.exe
  C:\Windows\System\FpyVKem.exe
  2⤵
  PID:14260
- C:\Windows\System\TYbkCbW.exe
  C:\Windows\System\TYbkCbW.exe
  2⤵
  PID:14296
- C:\Windows\System\HDSvsHK.exe
  C:\Windows\System\HDSvsHK.exe
  2⤵
  PID:14328
- C:\Windows\System\lmmFUHs.exe
  C:\Windows\System\lmmFUHs.exe
  2⤵
  PID:13336
- C:\Windows\System\PmPqPKu.exe
  C:\Windows\System\PmPqPKu.exe
  2⤵
  PID:13368
- C:\Windows\System\dAjllha.exe
  C:\Windows\System\dAjllha.exe
  2⤵
  PID:13404
- C:\Windows\System\HpDHTjX.exe
  C:\Windows\System\HpDHTjX.exe
  2⤵
  PID:13476
- C:\Windows\System\uIVTXSt.exe
  C:\Windows\System\uIVTXSt.exe
  2⤵
  PID:13524
- C:\Windows\System\GIlVVnb.exe
  C:\Windows\System\GIlVVnb.exe
  2⤵
  PID:13576
- C:\Windows\System\wUVEVEG.exe
  C:\Windows\System\wUVEVEG.exe
  2⤵
  PID:13636
- C:\Windows\System\iqSsBph.exe
  C:\Windows\System\iqSsBph.exe
  2⤵
  PID:13732
- C:\Windows\System\XKDBYWB.exe
  C:\Windows\System\XKDBYWB.exe
  2⤵
  PID:13784
- C:\Windows\System\XcflXLo.exe
  C:\Windows\System\XcflXLo.exe
  2⤵
  PID:13836
- C:\Windows\System\ZZGRkzI.exe
  C:\Windows\System\ZZGRkzI.exe
  2⤵
  PID:13888
- C:\Windows\System\TzrUAcw.exe
  C:\Windows\System\TzrUAcw.exe
  2⤵
  PID:13972
- C:\Windows\System\QLsSAot.exe
  C:\Windows\System\QLsSAot.exe
  2⤵
  PID:14020
- C:\Windows\System\DMnVnBT.exe
  C:\Windows\System\DMnVnBT.exe
  2⤵
  PID:14140
- C:\Windows\System\IrBebDp.exe
  C:\Windows\System\IrBebDp.exe
  2⤵
  PID:14184
- C:\Windows\System\jXHnOTK.exe
  C:\Windows\System\jXHnOTK.exe
  2⤵
  PID:14248
- C:\Windows\System\WXHvgfL.exe
  C:\Windows\System\WXHvgfL.exe
  2⤵
  PID:14316
- C:\Windows\System\wdUhTfn.exe
  C:\Windows\System\wdUhTfn.exe
  2⤵
  PID:13348

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AlzdYsd.exe

Filesize
2.3MB

MD5
0b205203c3c575f1ecab66637a85adef

SHA1
c9c230b1c1b5230ba2b16b0c21fb7c3e37f49b37

SHA256
7fa1c7a9e8bde6d011793b5855cf8f4012f57a38f97fad7ab70de8fb2b10241f

SHA512
9e71a13590d2d8bc3f7d4b99771b4a4dc98a4d4c587a146c19c48567f863376dab11ea1c8e04f77db3aee726fdaddf62f7a9b5419d49b4c01eee4dc95aba8265

Download Submit
C:\Windows\System\BZrCvBo.exe

Filesize
2.3MB

MD5
f06462c04d6cfca0393176d62e9d4864

SHA1
0b05b8727d729635407926ea6e0d9a7b61b2fd71

SHA256
9642dc5792b06007bea7677bbb099a378d70b309c420f41c5519abedfcacdf29

SHA512
8e827daab27d1974dc767ec5fef99518cdc334d01dfd4ed9f410c497d5e3658d15a51423c8e21dd33bed86cddc5ddedf7621b27afe0769f8f2ec3a1460c8a88b

Download Submit
C:\Windows\System\HxRbDiu.exe

Filesize
2.3MB

MD5
549f98cf3349092e8b8e4f54836f85d8

SHA1
3cb3f59b21fde0510672c1b8bc1cb2965abd9960

SHA256
c80993aaec45e11190159494be76963f8a4b7362ab9edb63e2f0ee25baac35bb

SHA512
a95c94cf099bb209fe7eecfc337d68ea9935155a7d5f1f4238fe8c6e33c18b1379b9c230f0aa79c1cb071379e391ee4fa0c145ad5247858eb81c3078816ec2e5

Download Submit
C:\Windows\System\LZXBvob.exe

Filesize
2.3MB

MD5
38f0b307a18606a5940cea81f8cc8acc

SHA1
1866caffe95e66feb6ae6f454f96e68d46606f80

SHA256
86f2fc9dafcebf15cc6958c7234b58e84235e4ab9ae9871a8509f4b42c33829f

SHA512
942d9bc659500460d4087502dd11afd01f04e30c329839af99209eaa708685672df097c20ba9b9986ad2b02532becf1bf7adf30168f8b8b3cb15fb08587e503d

Download Submit
C:\Windows\System\NbYgQQr.exe

Filesize
2.3MB

MD5
65d98718c6ad15e60962ea8b7abef433

SHA1
7d3de18dbbd8ea2de6f300e9900168dc97c536a7

SHA256
4422cdb97acae9a1f481ad3c9f9705ae7991d73e1247c0528c2ad710d798f46b

SHA512
cdc044eccf039d306348ce678dc595fc129ffd499b85c7a3ca85b9977b69bcee8a83711eb4676ddefc059b7b99b38bc3442cf3a52b4b9647af964c9b05cfe0e4

Download Submit
C:\Windows\System\ONCOLci.exe

Filesize
2.3MB

MD5
702b4894d35a1dee79fbb20e5ff2ce6a

SHA1
a28c1588db161fc194fc06a7adc145ed220984c0

SHA256
eca4afb456102f212134da2b899b439801c181b78e5c973bd0b5d3dcb684a463

SHA512
e15fdb03444d7f0041f11d34d750f1aae72a4fc2a072fb01588dc7e8594a28536cb56103adabe51f0f744c1275fafa0f621999436e8eb24f0d279ee8a85414de

Download Submit
C:\Windows\System\OPMLVrs.exe

Filesize
2.3MB

MD5
9518e78c84c5382e6bce137a7f1867b1

SHA1
d38a75623d4c6297462fa050aefa61f981f8793d

SHA256
5dde570f1ea73c3b090ecbb4cc6e5adf61a8da66927972b4726f29bda1a84ae4

SHA512
53c729b0d3a5f67cf3f89076518f796bf0f810a3d054d39c23164a8bbf0f97b5c2438e568a973c0fb267bc93924d5135b5ac4a9fa51495eff3a891f3c7d7ba84

Download Submit
C:\Windows\System\QLIQGfD.exe

Filesize
2.3MB

MD5
56290458ecddd941179c4099937f5a11

SHA1
8b0b030b8aebe7075afb5f9cb7fae082f7bcc454

SHA256
83d20bf1f132693689b72c5b2b7e359ea6598ff8d1e969def8a7c8db01fc8293

SHA512
ccd6d000970def1a348b8896a053eb3b03c8698f813cfbc81ab4f09c665dc6872cc6ea2b1a54e739bfe30af26a4294dab4d048cbd1e69416c8b119ee990817be

Download Submit
C:\Windows\System\QmTqTXr.exe

Filesize
2.3MB

MD5
2a9d7e859e39481ba292478ec5d500a8

SHA1
e47b4424a6b43b9096be6ab0c79d4e17534ba651

SHA256
e81cb00e17400c4fb3ffa32f1675c2540119a95187efeccafa80f52437b44b8a

SHA512
994390305c999b7f0ae38e2f384c451db77d6b09d199e17dec26732c0ab4195129409839f1694bb384132a24f5eb19da23f1f4373623520b04645e5104f5c59b

Download Submit
C:\Windows\System\QvEqTOs.exe

Filesize
2.3MB

MD5
af3329ee4875c1c6b7a3226b00e263c5

SHA1
6964340dfeeaf24ac700e1a4c14d430c27efff9c

SHA256
c2e87cde948db05b0806ba86a21a0fb281c163e8c0d972c02ca5430bf2984414

SHA512
f606ade50ecd9416af5a10b4a262be2c65880e07df527f093b2a311c6e5df3e5ab642b2abcef3c717037bc13481c401beb73cab07f89b2c3c1f3a543491d2340

Download Submit
C:\Windows\System\TEahPus.exe

Filesize
2.3MB

MD5
f95ff2463742fa5ed1a95fac9ffe3a12

SHA1
24a5575439014ac133d73a32d3051fadff49bece

SHA256
1b38331b698d6c6fd5f2f5b782474fdad71279de198e247c4e713f43ce319f34

SHA512
c3652b60dcfe7d9ef2d5eb881a6bd4343a461cb050dd87bbda20b027c3ceeabdfe7b0e69f01c841dabb11bfe4b3306c9a988c0a8bd6c3b9adae82bf50339de2f

Download Submit
C:\Windows\System\TtYDcOz.exe

Filesize
2.3MB

MD5
7f93a2ff4f4d08019b923eac92522f1d

SHA1
aa21ccec3967972f91ae6bf10d5b5c5b2f97b954

SHA256
28b03d850db5871a700ba373e02a733ca528d472bb9de6b04991e0ba8e7eb175

SHA512
58bc584e05c879a4d48b9429fe81425b295f6f341d81920be59ef22967bd6ab133c741e0c37cce25ce63cc5a7ba3bd1cbfefc141b0310b20775661dad742b311

Download Submit
C:\Windows\System\VIvxEQd.exe

Filesize
2.3MB

MD5
50d3de3f7e1a617a7352de19fe09a24a

SHA1
3f74b86d1fe6df57f490794fd56a69f47948169c

SHA256
62ca514d77ff5aad1b3dfcd85b2e4524f4435770bdedec394562c255f42d50d5

SHA512
77df2e0be566fd742ae4d6e1439907d8850ef6a397ad804d5a2559ff90a19394807c81c06658b0b042408afc18e788b1b89784b441e453ffcdf0d48aaabecfb9

Download Submit
C:\Windows\System\WOMmBbK.exe

Filesize
2.3MB

MD5
5e8ad007dded993b7407f32cbf3ab71d

SHA1
f3fa1ca82d264ffd58b0ac12ed10db1366705e95

SHA256
a6e5b3802890fabd562f8c6436e12b938e2cd6a25bcdb2c650233efacb00041c

SHA512
08f565f8db2892b742199929c0783644b533e04b20a4cd259659e5339848106aa765d863388c693742c558d634b0470121632519567b72ba8a612a262c15d105

Download Submit
C:\Windows\System\WQWTFXr.exe

Filesize
2.3MB

MD5
0c8c091f12ae9b093b4e137b889c174c

SHA1
d85ff75f1a0c06ce75b0925b0d73689c8a7da050

SHA256
e6c3d43f92a5e588f625e2f625a3c7116e4e19dff49b7fa9959a0209cc691250

SHA512
9c8140ef9efc7b5011876d3786415cff0c63b0fe265e95be40e3ecad76213620abc47998cfe461428f67ef0094a1e5b291234b06416955e388655251c5e43478

Download Submit
C:\Windows\System\WaiYqCZ.exe

Filesize
2.3MB

MD5
4094e454e9e8646a3ce9a19944abfae5

SHA1
a8c2f84ce874140672ac87dd2678ee1ad6a1ef36

SHA256
57a39742ed4c20b844a0350384536a9d0f1f250b3979e085a4ccbfbc444e6a90

SHA512
934bc57c9c74da5996d7682e48b5d4eaa52e4d417c870bb66d3713f16fa3e84317318db8378c6e6325561e76bfd18220db38635750af402818106d021a412186

Download Submit
C:\Windows\System\XzZPkEh.exe

Filesize
2.3MB

MD5
f9aee1c85c6f54aa9f7d40cf424aab20

SHA1
453b45734372482e2e3585986263d28c3b1ba8e8

SHA256
adf9bddb3de5783509e5998d18bd9c154f3ce859fda2a3afa46337e4810920c5

SHA512
81a2787a4040207d180ba67e8a2aa86c394ea48da55d8887bdd9c4ab5710ab833bd5ac480ec40cae44ed576eab17aa65c2741d73cbdcb5e0555338dab47a49e1

Download Submit
C:\Windows\System\YLxQRVi.exe

Filesize
2.3MB

MD5
0132490b024d1a9d2e17651f4cd7b7be

SHA1
4d97a5c7ec48ea0356b4e4b36109d44f9a4f0564

SHA256
09a3b210c101e2501c018b70f2d686038fbbbc97b0d291b9671a0dcbebca199d

SHA512
255424966107ca94cd14d7c42005f921dc441bd913e61606ff79814a2effdd14c3bea9eb440e4afbee3f03e469d5ae9d4f6ce856af946a2c082ffce6774a1067

Download Submit
C:\Windows\System\ZVCskEZ.exe

Filesize
2.3MB

MD5
090de2e0bddb9445a04294f8e03ace0b

SHA1
cc78dd105a439517e627a3071b5208420586700c

SHA256
4b937543aa6e0f8cb33b4fe8a9ab6d6b0f3e4f41f8e68daa3a5144853d23644a

SHA512
79459252c243d30a87a5c7f2b1e3b30faa71987ba9ed61fadb7f575445bde27956badffabfd528ab13ddb83ae2e5a71828f3a8d35c397ef93a3f40b045ef75b0

Download Submit
C:\Windows\System\awbWXWF.exe

Filesize
2.3MB

MD5
806e3ef83b926d081f47a14844013fb3

SHA1
3ab18e4e419151715fbe77f3cf164bee093417ec

SHA256
3410c15585ea6b20386ae4bfd329c5d97aa04cd526501867f312235041f28c5b

SHA512
f63a864fe9de4322b97d83bcad2c41b2ee6c1143c4c16b81b26897a785a067be08e142ff8e3f152d16b0d1b3380e7c95789e5d80294c22a5a2fdb0861bcb0d6f

Download Submit
C:\Windows\System\clHLqeD.exe

Filesize
2.3MB

MD5
77d5d78d22169f20f137c4b5a08ccc91

SHA1
25d8ed757dd233861a634960178539f66b0b1965

SHA256
cc5e9e578b326d646253f646304e4d13d1d76e001eacadd4f17b3d2f715ae72a

SHA512
4c813d90d3f6db1eb25b03bd9bf0a4b400f35ff30d230cb7e109dfcb4be8a207f0319fe27900911dc1c2e44aa7d48b933355b3c0e37fffc6980dc6062379a8e8

Download Submit
C:\Windows\System\gfOCuXt.exe

Filesize
2.3MB

MD5
e5b2bbfb6fb9bd0fc2bcafca6308c3f2

SHA1
8846e42fed30bac65d4c159ffef27d4b5e3c4c6a

SHA256
97db2465bcd1447d00c33472086102beae38387a2131fc3d7d1b10cc6006f748

SHA512
135e065985e5273e7382e68ef392ef04dd1f9b5fb93f67c285831a0435b4134ad11b075a62608af11320ff798b2b0b18519cf88948253e583ef2ca0442eb7dfa

Download Submit
C:\Windows\System\jhbxImU.exe

Filesize
2.3MB

MD5
0c6fc3135702e7103da9b4097271dec3

SHA1
eb25f80c635a22eba88b921646a18a1aa45c69d4

SHA256
1eb650e4b940ae0f0d6e3256513e3332b47c6a8ff0924a6ba9454d8a076b53ae

SHA512
2e1ceebaf94b3765737308fb6c0ebbd7af77e840a95cb5e2d698c4133d1dce06df4b657fded9080c6ab95292058eb964f638b295e0c1b67c68f492906a53c4ba

Download Submit
C:\Windows\System\lJJUkZX.exe

Filesize
2.3MB

MD5
9d8d1e138b8e566a9318e67a5eb4e14a

SHA1
638c3234f3adf7542501258de5a55055ce820c57

SHA256
0197c6d63ba527d8edd631fd5e8be137f1e306df5151780638717d33936e1470

SHA512
a5b43d71f16742696c73e014adb1b15f7a4a93ace93247d4256ad0d0395e599a8d06bc5701b3395bae234f1c3979315562b6cac9816c2a12109942123edf3213

Download Submit
C:\Windows\System\oDyGmtS.exe

Filesize
2.3MB

MD5
fe23072e275a9255a26bd7ae5d926c9f

SHA1
db0af1d640b72018ce060669c4b2101b35b51c7d

SHA256
3b4e218f70681211baac097c70d951035d778f55248261ddbe6ac77beab4c9ef

SHA512
380a2367898a6c2c19bd8c66fea3f019a36f7c70115c2bea1da427e019c11bceb144ba56bde65c77a91d614fd8658c60629a5e86d163452c48e8e93b635be5d6

Download Submit
C:\Windows\System\rGseSTH.exe

Filesize
2.3MB

MD5
350065900cf0a4105a918f5cb7d5562b

SHA1
ac0920bcd6e4f9d13632529dc9f8d29ecbf18d88

SHA256
8de16520cb63ba3799a5a55f0f4467bd584c07cd0b6cf8684365bbf0af60e450

SHA512
2c5ea34f4fad6eecd417f1a844628ffd6d04e98b5b84628bff2917e1bfb13a1c16f322904607197f1e3cbf19ae5be395a242b28337e024478fc2318174677027

Download Submit
C:\Windows\System\riPVIMo.exe

Filesize
2.3MB

MD5
cbb5d0558d4a978dde4bf7c285e0a7f7

SHA1
a3a3bf0d1f2b03a89062dd7516e2fe7a699d387f

SHA256
c627fe05eb68dd3187568896d599b10043b77f63786a9acc7c312906ec7adad9

SHA512
72d446d8500cf1949adcb0f4d92fd46202dcd51c227996c6ec2b1fe6edfa8c400cb5c04a85a060c71e98553b32436a4ba23113ab4fede810e54e04aa41a82dba

Download Submit
C:\Windows\System\rjAshBF.exe

Filesize
2.3MB

MD5
4b556cb14e95c31e2980ecaeebcd8d02

SHA1
88cc6751536d90113a3190cfffa753dffa521251

SHA256
5efb41ad47048122c61f524f4bceb28b986e457311ab3065cb8b2161e3543c9d

SHA512
678c7f41751f91bbf9dd12c928edd04ed8e84311aee08cc590cfc6c8d7bb3b62773a47a4a65688a91bf09c676197d3bbd01b773394eb879c7380b6b043464fb5

Download Submit
C:\Windows\System\sneqlHt.exe

Filesize
2.3MB

MD5
d25706095107ed171b3e592268bb9d7b

SHA1
2522a5128c726d8cb607c237275b915c586a9a0c

SHA256
6c2c786b96309318184c713ea22aa58b9133769d0c29b6edb72c1dae6bb7319c

SHA512
3fadc4d36324635fca25dce9ba6838c7633ef51a042dbc03b1934ca73ff46f27510157d23f11bcaf0e0dafaaba5b7b88ce49031c9667bb041986623edde68806

Download Submit
C:\Windows\System\uYUzzMf.exe

Filesize
2.4MB

MD5
f56ae91e893cd227eec08db4be233201

SHA1
ef0c05f0dbebac3cfee27684deb0cb06e2a5d4f5

SHA256
dd684743d9efe7984a206e8575a9b08972d6f30bc691a95d07bf9caf4f0a3c94

SHA512
9e84c1c2bb1107a62be5cdac77bf9972b07f06c70dc7dc8cec7a6677bdec9605d2f9951fd3c8b52726f5572ea8187841900af5ca55e2a069760bb5d23fd9087c

Download Submit
C:\Windows\System\vYzThkR.exe

Filesize
2.3MB

MD5
c08cc73ebc720f2672ba77d290021549

SHA1
b411022a7dccd9ac05c7fa8ab79070181d50c4f1

SHA256
7fcbe1950501dd4b5b38aa8b5944fcd7305c9342cb1ebf7b95827b042eb90056

SHA512
51c3ccd44fce56f1f3460d7202cc9d58e8319d9a62a3b4a48509a7ba54a59e71453115b3c332a3f1ac785a4770680a917bdaf4c28a2fde4c34cb4ddbfc552288

Download Submit
C:\Windows\System\yQacfRM.exe

Filesize
2.3MB

MD5
e77c5b4c70d8096e91bb402627da61c2

SHA1
f70a5c829cc73397984eefd6abc5fed0823f35d0

SHA256
a07b08716ac6579b181ac6825a84f6612b527cbeea2e3ef170407fba7d3ea77f

SHA512
c16e9f5a9ec6cd5230c57bffd3672d40e54e2de741353ceea751a4942cb5e52dfba29f92a60ad0f0822e82035a968e044564b1cf11d127e030a2548e3e99f8da

Download Submit
memory/388-607-0x00007FF723820000-0x00007FF723B74000-memory.dmp

Filesize
3.3MB

Download
memory/388-2154-0x00007FF723820000-0x00007FF723B74000-memory.dmp

Filesize
3.3MB

Download
memory/392-2145-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/392-85-0x00007FF7C4750000-0x00007FF7C4AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1104-592-0x00007FF6B99E0000-0x00007FF6B9D34000-memory.dmp

Filesize
3.3MB

Download
memory/1104-2153-0x00007FF6B99E0000-0x00007FF6B9D34000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1026-0x00007FF623DA0000-0x00007FF6240F4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-0-0x00007FF623DA0000-0x00007FF6240F4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1-0x000002324E580000-0x000002324E590000-memory.dmp

Filesize
64KB

Download
memory/1484-2146-0x00007FF735C90000-0x00007FF735FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1484-100-0x00007FF735C90000-0x00007FF735FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2136-0x00007FF60A460000-0x00007FF60A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-20-0x00007FF60A460000-0x00007FF60A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2130-0x00007FF60A460000-0x00007FF60A7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-16-0x00007FF665AF0000-0x00007FF665E44000-memory.dmp

Filesize
3.3MB

Download
memory/1676-2134-0x00007FF665AF0000-0x00007FF665E44000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2156-0x00007FF670840000-0x00007FF670B94000-memory.dmp

Filesize
3.3MB

Download
memory/1680-612-0x00007FF670840000-0x00007FF670B94000-memory.dmp

Filesize
3.3MB

Download
memory/1816-615-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2158-0x00007FF770CA0000-0x00007FF770FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1980-83-0x00007FF6796B0000-0x00007FF679A04000-memory.dmp

Filesize
3.3MB

Download
memory/1980-2142-0x00007FF6796B0000-0x00007FF679A04000-memory.dmp

Filesize
3.3MB

Download
memory/2076-97-0x00007FF63C030000-0x00007FF63C384000-memory.dmp

Filesize
3.3MB

Download
memory/2076-2143-0x00007FF63C030000-0x00007FF63C384000-memory.dmp

Filesize
3.3MB

Download
memory/2212-583-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-2151-0x00007FF7F9580000-0x00007FF7F98D4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-596-0x00007FF7C4910000-0x00007FF7C4C64000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2161-0x00007FF7C4910000-0x00007FF7C4C64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-588-0x00007FF670DE0000-0x00007FF671134000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2152-0x00007FF670DE0000-0x00007FF671134000-memory.dmp

Filesize
3.3MB

Download
memory/2760-632-0x00007FF7C02B0000-0x00007FF7C0604000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2148-0x00007FF7C02B0000-0x00007FF7C0604000-memory.dmp

Filesize
3.3MB

Download
memory/3016-600-0x00007FF6F3300000-0x00007FF6F3654000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2155-0x00007FF6F3300000-0x00007FF6F3654000-memory.dmp

Filesize
3.3MB

Download
memory/3484-2135-0x00007FF6B5070000-0x00007FF6B53C4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-2131-0x00007FF6B5070000-0x00007FF6B53C4000-memory.dmp

Filesize
3.3MB

Download
memory/3484-23-0x00007FF6B5070000-0x00007FF6B53C4000-memory.dmp

Filesize
3.3MB

Download
memory/3680-2160-0x00007FF71F7E0000-0x00007FF71FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3680-625-0x00007FF71F7E0000-0x00007FF71FB34000-memory.dmp

Filesize
3.3MB

Download
memory/3740-59-0x00007FF7C0400000-0x00007FF7C0754000-memory.dmp

Filesize
3.3MB

Download
memory/3740-2140-0x00007FF7C0400000-0x00007FF7C0754000-memory.dmp

Filesize
3.3MB

Download
memory/3840-2159-0x00007FF6A3420000-0x00007FF6A3774000-memory.dmp

Filesize
3.3MB

Download
memory/3840-629-0x00007FF6A3420000-0x00007FF6A3774000-memory.dmp

Filesize
3.3MB

Download
memory/3844-620-0x00007FF682760000-0x00007FF682AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3844-2157-0x00007FF682760000-0x00007FF682AB4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-53-0x00007FF765270000-0x00007FF7655C4000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2139-0x00007FF765270000-0x00007FF7655C4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2149-0x00007FF680990000-0x00007FF680CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-90-0x00007FF680990000-0x00007FF680CE4000-memory.dmp

Filesize
3.3MB

Download
memory/3956-2132-0x00007FF680990000-0x00007FF680CE4000-memory.dmp

Filesize
3.3MB

Download
memory/4088-2141-0x00007FF6C1730000-0x00007FF6C1A84000-memory.dmp

Filesize
3.3MB

Download
memory/4088-76-0x00007FF6C1730000-0x00007FF6C1A84000-memory.dmp

Filesize
3.3MB

Download
memory/4168-48-0x00007FF6B7C90000-0x00007FF6B7FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4168-2138-0x00007FF6B7C90000-0x00007FF6B7FE4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-2147-0x00007FF63EA50000-0x00007FF63EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-579-0x00007FF63EA50000-0x00007FF63EDA4000-memory.dmp

Filesize
3.3MB

Download
memory/4864-1822-0x00007FF621F20000-0x00007FF622274000-memory.dmp

Filesize
3.3MB

Download
memory/4864-7-0x00007FF621F20000-0x00007FF622274000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2133-0x00007FF621F20000-0x00007FF622274000-memory.dmp

Filesize
3.3MB

Download
memory/4944-99-0x00007FF633B50000-0x00007FF633EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2144-0x00007FF633B50000-0x00007FF633EA4000-memory.dmp

Filesize
3.3MB

Download
memory/5088-37-0x00007FF692820000-0x00007FF692B74000-memory.dmp

Filesize
3.3MB

Download
memory/5088-2137-0x00007FF692820000-0x00007FF692B74000-memory.dmp

Filesize
3.3MB

Download
memory/5100-636-0x00007FF653720000-0x00007FF653A74000-memory.dmp

Filesize
3.3MB

Download
memory/5100-2150-0x00007FF653720000-0x00007FF653A74000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads